Molerats

Also known as: ALUMINUM SARATOGA, Aluminum Saratoga, BLACKSTEM, Extreme Jackal, G0021, Gaza cyber gang, Gaza Cybergang, Gaza cybergang, Gaza Hacker Team, Gaza Hackers Team, Molerats, Moonlight, Operation Molerats

🌍 Country Palestine
πŸ“… Activity 2013 β€” 2023
🎯 Incident Type Espionage
🧭 ATT&CK G0021

Introduction

Molerats is an Arabic-speaking, politically motivated threat group that has been operating since 2012. The group's victims have primarily been in the Middle East, Europe, and the United States. [5][6][7][8]

Activities and Tactics

Targeted Sectors: Government, Defense, Energy, Finance, Healthcare, Pharmaceuticals, Education, Media, NGOs, Civil Society, Legal, Military

Country of Origin: Palestine

First Seen: 2013

Last Activity: 2023

Incident Type: Espionage

Suspected Victims: United States, Israel, Palestine, Middle East, Europe

Notable Campaigns

  • Molerats
  • DustySky
  • TopHat

Tactics, Techniques, and Procedures (TTPs)

ATT&CK technique IDs (denormalized)

Notable Indicators of Compromise (IOCs)

No atomic indicators are listed in this profile. The APTnotes snapshot indexes 4 public reports that may contain IOCs; see Source Attribution for dataset links.

Malware and Tools

  • Archelaus Beta
  • Poison Ivy
  • DustySky
  • NeD Worm
  • Scote
  • Don't Kill My Cat (DKMC)
  • RTFs Exploiting CVE-2017-0199

MITRE ATT&CK Software

Attribution and Evidence

Country of Origin: Palestine

Additional attribution information pending cataloguing.

References

[1] mitre-attack
[5] DustySky2: ClearSky Cybersecurity. (2016, June 9). Operation DustySky - Part 2. Retrieved August 3, 2016.
[6] DustySky: ClearSky. (2016, January 7). Operation DustySky. Retrieved January 8, 2016.
[7] Cybereason Molerats Dec 2020: Cybereason Nocturnus Team. (2020, December 9). MOLERATS IN THE CLOUD: New Malware Arsenal Abuses Cloud Platforms in Middle East Espionage Campaign. Retrieved December 22, 2020.
[8] Kaspersky MoleRATs April 2019: GReAT. (2019, April 10). Gaza Cybergang Group1, operation SneakyPastes. Retrieved May 13, 2020.
[9] FireEye Operation Molerats: Villeneuve, N., Haq, H., Moran, N. (2013, August 23). OPERATION MOLERATS: MIDDLE EAST CYBER ATTACKS USING POISON IVY. Retrieved November 17, 2024.