Molerats

Threat Actor updated a month ago (2024-11-29T13:58:00.167Z)
Molerats, also known as the Gaza Cybergang Group1, is a threat actor group historically associated with Hamas. The group has been tracked for over a decade under various names including Frankenstein and WIRTE, among others. Molerats, along with five other groups including APT 35 and Moses Staff, are linked to Iran, while two other groups have ties to China. The group primarily targets organizations in Saudi Arabia, the United Arab Emirates, and Israel, using advanced persistent threats (APTs) for their operations. The Molerats group has displayed significant adaptability and persistence, recently leveraging an improved downloader as part of its initial access operations. Furthermore, it is believed to be behind attacks on Israeli targets using a Rust-based version of SysJoker, a multi-platform backdoor first discovered by Intezer in 2021. This suggests a high level of sophistication and ability to exploit multiple platforms for malicious activities. Notably, new variants of SysJoker have revealed connections to Operation Electric Powder, a series of targeted attacks against Israeli organizations between 2016 and 2017, previously linked to Molerats. Despite the absence of activity from other Hamas-connected cyber threat actors like Extreme Jackal and Renegade Jackal after the Oct. 7 terrorist attack in Israel, Molerats continues to pose a significant threat. The group's long history, combined with its evolving tactics and techniques, underscores the need for continued vigilance and robust cybersecurity measures.
Description last updated: 2024-11-15T15:55:29.596Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias Description | Votes
Gaza Cybergang is a possible alias for Molerats. Gaza Cybergang, a threat actor group affiliated with Hamas, has been active since at least 2012, targeting entities in the Middle East and North Africa. The group's activities primarily involve intelligence collection and espionage campaigns against Palestinian and Israeli victims. Researchers have | 5
TA402 is a possible alias for Molerats. TA402, also known as Molerats, Gaza Cybergang, Frankenstein, and WIRTE, is a threat actor that has been tracked by cybersecurity researchers for over a decade. This group, associated with pro-Palestinian interests, is known for its innovative and persistent cyber espionage activities, frequently ret | 2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Phishing
Hamas
Apt
Malware
Backdoor
Associated Malware
Alias Description | Association Type | Votes
The Sysjoker Malware is associated with Molerats. SysJoker is a sophisticated malware, short for malicious software, that has been leveraged by a Hamas-linked Advanced Persistent Threat (APT) against Israel. Unlike other malware, SysJoker is written in Rust, a programming language known for its performance and safety, which makes it more challengin | Unspecified | 2
Source Document References
Information about the Molerats Threat Actor was read from the documents corpus below.
Source | Created
DARKReading | a month ago
Checkpoint | a month ago
DARKReading | 9 months ago
DARKReading | 10 months ago
DARKReading | a year ago
DARKReading | a year ago
DARKReading | a year ago
DARKReading | a year ago
InfoSecurity-magazine | a year ago
CERT-EU | a year ago
Securityaffairs | a year ago
Checkpoint | a year ago
Checkpoint | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
DARKReading | a year ago
CERT-EU | a year ago
MITRE | 2 years ago
MITRE | 2 years ago