top of page
Clipeus

TA402 Campaign Targeting MENA

On 14 November, Proofpoint released an analysis of recent TTPs observed in a TA402-attributed campaign targeting government organizations across the Middle East and North Africa. TA402 (a.k.a. Molerats) has historically employed Arabic-language economic-themed documents as phishing lures for initial intrusion. Recently, in conjunction with the outbreak of the military operations in the Middle East, the actor shifted towards war-related lures. Yet, the main innovation regards the attack chain which maintains IP-based geofencing - to ensure targeted users are from the intended region - but employed a new customized downloaded - dubbed "Iron Wind" - as stager.

If you are interested in specifics or additional insights on the threats above or any other threat, please visit our dedicated service page or reach out to info@clipeusintelligence.com with your inquiry. We would be glad to assist you

bottom of page