The Molerats, a group of Middle Eastern hackers, attacked several major public organizations over the months of April and May, reported malware security firm FireEye.
FireEye also reported that new research revealed a wider range of attacks that dates back to October 2011, in connection with the Gaza Hackers Team which used the Trojan identified as Poison Ivy.
However, Timothy Dahms, a threat intelligence analyst for FireEye, explained that the latest attacks by the Molerats used another form of Trojan: the Xtreme RAT.
"Although a large number of attacks against our customers appear to originate from China, we are tracking lesser-known actors also targeting the same firms," Dahms said in FireEye's blog. "Molerats campaigns seem to be limited to only using freely available malware; however, their growing list of targets and increasingly evolving techniques in subsequent campaigns are certainly noteworthy."
In the latest attacks by the Molerats, which occurred between April 29 and May 27, the hacker group tried to establish an espionage operation on the digital infrastructure of their targets. The complete list of the targets of the attacks include Israeli and Palestine surveillance targets, the British Broadcasting Corporation, a major financial institution in the U.S., government organizations in Europe and government departments in Turkey, Israel, Slovenia, New Zealand, Macedonia, Latvia, the U.K. and the U.S.
The Office of the Quarter Representative, a group that includes the United Nations, the European Union, Russia and the U.S. that is looking to mediate peace negotiations in the Middle East, was also attacked.
However, security researchers are not sure of the motivation of the hacker group. One possible reason is that the Molerats is simply a syndicate that is trying to gain access to the information of as many organizations as possible, which they can then sell for profit.
"I think it's likely to be criminally led as they don't seem to care which side of the political argument targets lie," said University of Surrey's Department of Computing security expert Professor Alan Woodward. "There is some evidence that criminals are speculatively firing out RATs to hook as many as possible with a view to selling Crime as a Service (CAAS). The reason they like RATs is that they can then sell the access to a wide variety of 'clients' once they have particular victims ensnared."
Attacks by the Molerats typically used spear phishing e-mails that tried to trick users into clicking on a link or attachment to malicious content.