Latest Update20/12/2024

Threats Feed

  1. Public

    CopyKittens Targets Israeli Media and Palestinian Healthcare in Watering Hole Attacks

    The Iranian threat agent CopyKittens compromised multiple Israeli websites, including the Jerusalem Post, and one Palestinian Authority website between October 2016 and January 2017. The attackers bought access to the server to gain the access, inserting a single line of Javascript into existing libraries. This enabled them to load further malicious Javascript from a domain they controlled, selectively targeting users based on their IP addresses. The malicious payload used was the BeEF Browser Exploitation Framework.

    read more about CopyKittens Targets Israeli Media and Palestinian Healthcare in Watering Hole Attacks
  2. Public

    CopyKitten’s Spearphishing Attack on Israeli Ministry of Communications

    CopyKitten, a known cyber-attack group, has launched a spearphishing campaign targeting the Israeli government’s Ministry of Communications. The investigation commenced with the identification of a suspicious domain that led to multiple related domains. One such domain closely mimicked the Israeli Prime Minister's SSL VPN login page and was used to drop a malicious Word document titled "Annual Survey.docx." This document had an embedded OLE object that communicated with a C2 server, signifying a well-planned attack. The campaign appears to be part of CopyKitten's ongoing activities against Israeli interests.

    read more about CopyKitten’s Spearphishing Attack on Israeli Ministry of Communications