Stealthy WIRTE hackers target governments in the Middle East


A stealthy hacking group named WIRTE has been linked to a government-targeting campaign conducting attacks since at least 2019 using malicious Excel 4.0 macros.

The primary targeting scope includes high-profile public and private entities in the Middle East, but researchers also observed targets in other regions.

Kaspersky analyzed the campaign, toolset, and methods, and concluded with low confidence that WIRTE has pro-Palestinian motives and is suspected to be part of the 'Gaza Cybergang'.

WIRTE's phishing emails include Excel documents that execute malicious macros to download and install malware payloads on recipients' devices.

While the main focus of WIRTE's attacks is government and diplomatic entities, Kaspersky has seen these attacks targeting a wide variety of industries throughout the Middle East and other regions.

"Our telemetry indicates that the threat actor has targeted a variety of verticals, including diplomatic and financial institutions, government, law firms, military organizations, and technology companies," explained Kaspersky's report.
"The affected entities are located in Armenia, Cyprus, Egypt, Jordan, Lebanon, Palestine, Syria, and Turkey."