
TA402 Campaign Targeting MENA

On 14 November, Proofpoint released an analysis of recent TTPs observed in a TA402-attributed campaign targeting government organizations across the Middle East and North Africa. TA402 (a.k.a. Molerats) has historically used Arabic-language, economic-themed documents as phishing lures for initial intrusion. Recently, in conjunction with the outbreak of military operations in the Middle East, the actor shifted towards war-related lures. The main innovation, however, concerns the attack chain, which retains IP-based geofencing (to ensure targeted users are in the intended region) but employs a new custom downloader, dubbed "Iron Wind", as a stager.

