An ongoing spyware campaign targets Yemen attendees and aid workers
Insikt Group has uncovered a sophisticated spyware campaign, conducted on behalf of the pro-Houthi movement, that targets attendees of Saudi government-led negotiations on Yemen, along with humanitarian and reconstruction aid workers working toward Yemeni stability. Insikt Group researchers have been monitoring the threat group OilAlpha since May 2022 and have found that it uses messenger applications such as WhatsApp to social-engineer targets into downloading a malicious Android application. The app comes loaded with remote access Trojans (RATs) such as SpyNote and SpyMax.
The use of infrastructure traced back to the Public Telecommunication Corporation (PTC)
Notably, OilAlpha uses infrastructure traced back to the Public Telecommunication Corporation (PTC), which is a business owned by the government of Yemen, under the control of Houthi-aligned officials. According to the researchers, “the group’s operations have reportedly included targeting persons attending Saudi Arabian government-led negotiations; coupled with the use of spoofed Android applications mimicking entities tied to the Saudi Arabian government and a UAE humanitarian organization (among others).”
Potential targets include individuals the Houthis wanted direct access to
As of the report’s writing, the attackers are believed to have targeted individuals the Houthis wanted direct access to. This discovery has raised concerns about the Houthis’ potential to launch successful espionage attacks against Yemen’s government employees, foreign officials and humanitarian aid organizations.
Editorial and recommendations
The use of spyware is highly unethical and unacceptable, and attacks that specifically target attendees of negotiations and aid workers are particularly concerning. The Houthis’ use of spyware can pose a significant threat to Yemeni stability and to the ability of foreign officials and humanitarian aid organizations to carry out their operations within Yemen. Yemeni and global leaders must take appropriate measures to address the situation. This includes raising awareness among potential targets and implementing better protection protocols to prevent such activities from going unnoticed.
It is also crucial to hold accountable anyone who engages in illegal surveillance activities. Governments and leaders must prioritize cybersecurity, working with international partners to develop comprehensive security measures to protect against cyber threats that endanger the security of individuals and the stability of nations.