A new potentially geopolitically-motivated cyberattack dubbed Operation Parliament has been targeting governmental departments and large private entities across the Middle East, according to global cybersecurity company Kaspersky Lab.
Operation Parliament has so far affected an unknown number of organizations in over 27 countries, mostly in the Middle East and North Africa, including Egypt, Iran, Iraq, Jordan, Kuwait, Lebanon, Morocco, Oman, Palestine, Qatar, Saudi Arabia and the U.A.E. Financial impact of the attack has not been disclosed.
In a campaign believed to have been active since 2017, the cybercriminals targeted selected victims through malware disguised as legitimate email attachments. Upon opening the attachments victims unwittingly gave the criminals access to their systems, enabling them to remotely gain control over their devices and mine data, as well as activate tools such as webcams. It is believed that the attackers had previously gained access to large databases of contacts for sensitive organisations and targeted non-trained staff.
The criminal group “hid in plain sight” accordingly to Kaspersky Lab. The malware was first discovered during an operation to uncover a phishing scam targeting political figures. At first it appeared to be the work of another group already known to officials. However, under further inspection the encrypted malware was found to be very different to any previous attacks.
Victims are known to include parliaments, senates, top state offices and officials, political science scholars, military and intelligence agencies, ministries, media outlets, research centres, election commissions, Olympic organizations and large trading companies. Over 130 individual users have been identified as victims so far. Efforts are now underway by law enforcers to find the group behind the attacks and prevent any further damage.
“Operation Parliament is another symptom of the continuously developing tensions in the Middle East and North Africa. We are witnessing higher sophistication and smarter techniques used by attackers and it doesn’t look like they will stop or slow down anytime soon” said Mohamad Amin Hasbini, Senior Security Researcher, Global Research & Analysis Team at Kaspersky Lab.
Kaspersky Lab made the announcement at their 4th Cybersecurity Weekend held in Istanbul, Turkey, in April.