Threats Feed
- Public
Rocket Kitten’s Operation Woolen-GoldFish Targets Israeli and European Organizations
This Trend Micro report details the activities of Rocket Kitten, a cyber threat group targeting Israeli and European organisations. The report focuses on two campaigns: a malware campaign using the GHOLE malware, possibly dating back to 2011, and a suspected state-sponsored operation, 'Operation Woolen-GoldFish', involving spear-phishing attacks. Analysis shows possible links to an individual using the alias "Wool3n.H4t", possibly Iranian, and highlights the group's increasing sophistication despite using relatively simple techniques such as macros. The overall aim is to inform readers of Rocket Kitten's methods and suspected politically motivated objectives, suggesting Iranian involvement.
read more about Rocket Kitten’s Operation Woolen-GoldFish Targets Israeli and European Organizations - Public
Gholee Malware Exploits Israel-Gaza Conflict Theme in Targeted Cyberattack
During the 2014 Israel-Gaza conflict, an operation themed "protective edge" spear phishing campaign emerged, targeting Israeli entities. The Gholee malware, delivered via a malicious Excel file named ‘Operation Protective Edge.xlsb’, utilized social engineering and VBA macro execution to compromise systems. The malware featured advanced obfuscation and evasion techniques, including ASCII character encoding and debugger detection, to avoid security measures. It communicated with a server in Kuwait, using an outdated SSL certificate, suggesting sophisticated threat actors possibly linked to state-sponsored activities.
read more about Gholee Malware Exploits Israel-Gaza Conflict Theme in Targeted Cyberattack