Threats Feed
- Public
CopyKittens Targets Israeli Media and Palestinian Healthcare in Watering Hole Attacks
The Iranian threat agent CopyKittens compromised multiple Israeli websites, including the Jerusalem Post, and one Palestinian Authority website between October 2016 and January 2017. The attackers bought access to the server to gain the access, inserting a single line of Javascript into existing libraries. This enabled them to load further malicious Javascript from a domain they controlled, selectively targeting users based on their IP addresses. The malicious payload used was the BeEF Browser Exploitation Framework.
read more about CopyKittens Targets Israeli Media and Palestinian Healthcare in Watering Hole Attacks - Public
CopyKitten’s Spearphishing Attack on Israeli Ministry of Communications
CopyKitten, a known cyber-attack group, has launched a spearphishing campaign targeting the Israeli government’s Ministry of Communications. The investigation commenced with the identification of a suspicious domain that led to multiple related domains. One such domain closely mimicked the Israeli Prime Minister's SSL VPN login page and was used to drop a malicious Word document titled "Annual Survey.docx." This document had an embedded OLE object that communicated with a C2 server, signifying a well-planned attack. The campaign appears to be part of CopyKitten's ongoing activities against Israeli interests.
read more about CopyKitten’s Spearphishing Attack on Israeli Ministry of Communications