Earth Bogle: Campaigns Target the Middle East with Geopolitical Lures

We discovered an active campaign, ongoing since at least mid-2022, that uses Middle Eastern geopolitical-themed lures to distribute NjRAT (also known as Bladabindi) and infect victims across the Middle East and North Africa.

By: Peter Girnus, Aliakbar Zahravi, January 17, 2023

While threat hunting, we found an active campaign using Middle Eastern geopolitical themes as a lure to target potential victims in the Middle East and Africa. In this campaign, which we have labeled Earth Bogle, the threat actor uses public cloud storage services such as files.fm and failiem.lv to host malware, while compromised web servers distribute NjRAT.

NjRAT (also known as Bladabindi) is a remote access trojan (RAT) first discovered in 2013. It is primarily used to gain unauthorized access to and control over infected computers, and it has been used in various cyberattacks against individuals and organizations in the Middle East. Users and security teams are advised to keep their systems’ security solutions updated and their cloud infrastructures properly secured to defend against this threat.

Routine

Figure 1. Attack kill chain

The malicious file is hidden inside a Microsoft Cabinet (CAB) archive file masquerading as a “sensitive” audio file, named using a geopolitical theme as a
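To triage an archive like the one described above, this added example (not code from the original article) reads a CAB file's header and lists the member names without extracting anything, then flags script or executable members. The suspect-extension list, the function names and the sample archive are assumptions constructed for illustration.

```python
import struct

CAB_MAGIC = b"MSCF"
# Assumed triage list: member types that an "audio" lure has no reason to contain.
SUSPECT_EXT = (".vbs", ".js", ".ps1", ".bat", ".cmd", ".exe", ".hta", ".lnk")

def list_cab_members(data: bytes) -> list[str]:
    """Read member names from the CFFILE table without extracting anything."""
    if len(data) < 36 or data[:4] != CAB_MAGIC:
        raise ValueError("not a Microsoft Cabinet archive")
    # CFHEADER: coffFiles is a u32 at offset 16, cFiles a u16 at offset 28.
    (coff_files,) = struct.unpack_from("<I", data, 16)
    (c_files,) = struct.unpack_from("<H", data, 28)
    names, pos = [], coff_files
    for _ in range(c_files):
        pos += 16  # fixed CFFILE fields: sizes, folder index, date, time, attribs
        end = data.find(b"\x00", pos)  # the name is a NUL-terminated string
        if end == -1:
            raise ValueError("truncated CFFILE table")
        names.append(data[pos:end].decode("utf-8", "replace"))
        pos = end + 1
    return names

def suspicious_members(data: bytes) -> list[str]:
    """Names inside a CAB whose extension is on the triage list; [] if not a CAB."""
    if data[:4] != CAB_MAGIC:
        return []
    return [n for n in list_cab_members(data) if n.lower().endswith(SUSPECT_EXT)]

def build_sample_cab(member_names: list[str]) -> bytes:
    """Constructed header-only CAB (no compressed data) for offline testing."""
    files = b"".join(
        struct.pack("<IIHHHH", 0, 0, 0, 0, 0, 0x20) + n.encode() + b"\x00"
        for n in member_names)
    total = 36 + 8 + len(files)  # CFHEADER + one CFFOLDER + CFFILE table
    folder = struct.pack("<IHH", total, 0, 0)
    header = struct.pack("<4sIIIIIBBHHHHH", CAB_MAGIC, 0, total, 0,
                         36 + 8, 0, 3, 1, 1, len(member_names), 0, 0, 0)
    return header + folder + files

if __name__ == "__main__":
    # Constructed member names, not taken from the campaign.
    sample = build_sample_cab(["call_recording.vbs", "readme.txt"])
    print(list_cab_members(sample), suspicious_members(sample))
```

Because the check keys on the `MSCF` signature rather than the file name, it applies however the lure is named.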
