The APT group  tracked as TA402 but widely known as Molerats has been observed using a new implant dubbed ‘NimbleMamba’. This comes as part of a cyber-espionage campaign leveraging geofencing and URL redirects to legitimate websites.
Proofprint discovered the campaign and their analysts observed three variations of the infection chain, all targeting governments in Middle Eastern countries, foreign policy think tanks, and a state-owned airline.
The threat actors first used the new implant in November 2021, carrying it through to late January 2022.
The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY
Follow Us
© 2015 – 2019 IT Security Guru – Website Managed by Calm Logic
© 2015 – 2019 IT Security Guru – Website Managed by Calm Logic
This site uses functional cookies and external scripts to improve your experience.
Privacy settings
Privacy Settings / PENDING
This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.
NOTE: These settings will only apply to the browser and device you are currently using.
GDPR Compliance

source

You May Also Like

Ukrainian government targeted in cyberattack

Over a dozen Ukrainian government website have been down since Friday, following…

New attack technique makes phishing near undetectable

A new phishing technique dubbed browser-in-the-browser (BitB) attack allows threat actors to…

Sensitive business addresses published in COVID data breach

The addresses of defence sites, a missile maintenance unit and domestic violence…