An ongoing cybercriminal campaign by the Earth Bogle group is targeting North Africa and the Middle East. Researchers revealed that the group uses geopolitical-themed lures to seek out potential targets in those regions.
Moreover, these lures serve as the delivery vector for the group's payload, a remote access trojan called NjRAT (also known as Bladabindi).
The Earth Bogle group has never stopped deploying attacks since last year.
According to investigations, the Earth Bogle group has been running its cybercriminal operations since at least the first half of 2022, and it has continued its campaigns without pause into the new year.
Researchers explained that the Earth Bogle campaign uses multiple cloud storage services, such as failiem[.]lv, to host its malware. The actors also delivered NjRAT through infected web servers.
Additionally, the lure documents the group uses have a very low detection rate on VirusTotal. This advantage allowed the threat actors to remain undetected and conduct further attacks.
The operators of this campaign currently use public cloud hosting services to store malicious CAB archives. Earth Bogle actors also use geopolitical-themed lures to entice potential targets in the Middle East into opening the infected files.
A researcher spotted a sample file: a CAB archive posing as a sensitive voice-message conversation between a UAE military officer and the Tariq bin Ziyad (TBZ) Militia.
Once the victim opens the malicious file, it infects the device with a second-stage dropper containing a PowerShell script. That script then adds another PowerShell dropper, which loads the remote access trojan into the device's memory.
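The infection chain above starts with a CAB archive whose contents are not what the lure name promises. A mail gateway or analyst can catch a good share of such lures without executing anything, simply by reading the archive's file directory. The following Python script is an added example, not code from the article or from any Earth Bogle tooling: it parses the CFHEADER and CFFILE structures of a CAB file (Microsoft's documented layout), lists the embedded file names, and flags script or executable payloads and double-extension disguises. The archive it inspects is constructed inline from placeholder names; the file names are assumptions for illustration, not the real sample's.

```python
# Added example, not taken from the article or from Earth Bogle tooling:
# directory-level triage of a CAB archive so a gateway or analyst can flag
# script/executable payloads before anything inside is opened.
# Layout follows Microsoft's CFHEADER / CFFOLDER / CFFILE structures.
import os
import struct

CFHEADER_FMT = "<4sIIIIIBBHHHHH"   # 36 bytes, no optional reserve area
CFFOLDER_FMT = "<IHH"              # 8 bytes: coffCabStart, cCFData, typeCompress
CFFILE_FMT = "<IIHHHH"             # 16 bytes, then a NUL-terminated file name
CFHEADER_LEN = struct.calcsize(CFHEADER_FMT)
CFFILE_LEN = struct.calcsize(CFFILE_FMT)

# Extensions that should never be hiding inside a "voice message" archive.
SUSPICIOUS_EXTENSIONS = {".ps1", ".vbs", ".js", ".jse", ".wsf", ".hta",
                         ".bat", ".cmd", ".exe", ".dll", ".scr", ".lnk"}
# Benign-looking extensions a lure name puts in front of the real one.
MEDIA_DOC_EXTENSIONS = {".mp3", ".wav", ".m4a", ".pdf", ".docx", ".jpg", ".png"}


def build_sample_cab(names):
    """Construct a minimal CAB: header + one folder + one CFFILE per name.
    Only the directory is populated (no CFDATA blocks); that is all the
    triage below needs. Constructed test data, not a real sample."""
    entries = b""
    for i, name in enumerate(names):
        # cbFile, uoffFolderStart, iFolder, date, time, attribs (0x20 = archive)
        entries += struct.pack(CFFILE_FMT, 1024, i * 1024, 0, 0x5621, 0x5E00, 0x20)
        entries += name.encode("utf-8") + b"\x00"
    folder = struct.pack(CFFOLDER_FMT, 0, 0, 0)      # typeCompress 0 = stored
    coff_files = CFHEADER_LEN + len(folder)          # offset of first CFFILE
    cb_cabinet = coff_files + len(entries)
    header = struct.pack(CFHEADER_FMT, b"MSCF", 0, cb_cabinet, 0, coff_files, 0,
                         3, 1,            # versionMinor, versionMajor (1.3)
                         1, len(names),   # cFolders, cFiles
                         0, 0x1234, 0)    # flags, setID, iCabinet
    return header + folder + entries


def list_cab_entries(data):
    """Return [(name, size, attribs)] from the CFFILE directory.
    coffFiles is an absolute offset, so an optional reserve area (flag 0x4)
    needs no special handling here."""
    if len(data) < CFHEADER_LEN or data[:4] != b"MSCF":
        raise ValueError("not a CAB archive (missing MSCF signature)")
    fields = struct.unpack_from(CFHEADER_FMT, data, 0)
    coff_files, c_files = fields[4], fields[9]
    entries = []
    pos = coff_files
    for _ in range(c_files):
        if pos + CFFILE_LEN > len(data):
            raise ValueError("truncated CFFILE entry")
        cb_file, _, _, _, _, attribs = struct.unpack_from(CFFILE_FMT, data, pos)
        pos += CFFILE_LEN
        end = data.find(b"\x00", pos)
        if end < 0:
            raise ValueError("unterminated file name")
        # Attribute 0x80 marks a UTF-8 name; otherwise the OEM code page is
        # used, which we conservatively read as ASCII with replacement.
        enc = "utf-8" if attribs & 0x80 else "ascii"
        entries.append((data[pos:end].decode(enc, errors="replace"), cb_file, attribs))
        pos = end + 1
    return entries


def triage_cab(data):
    """Return a list of human-readable findings; empty means nothing flagged."""
    findings = []
    declared = struct.unpack_from("<I", data, 8)[0]   # cbCabinet at offset 8
    if declared != len(data):
        findings.append(f"declared cabinet size {declared} differs from actual "
                        f"{len(data)} bytes (appended or truncated data)")
    for name, _size, _attribs in list_cab_entries(data):
        lower = name.lower()
        ext = os.path.splitext(lower)[1]
        if ext in SUSPICIOUS_EXTENSIONS:
            findings.append(f"{name}: script/executable payload ({ext})")
        parts = lower.split(".")
        if len(parts) > 2 and "." + parts[-2] in MEDIA_DOC_EXTENSIONS:
            findings.append(f"{name}: double extension disguising the payload")
    return findings


if __name__ == "__main__":
    # Placeholder names modelled on the "voice message" lure; not the real sample.
    sample = build_sample_cab(["voice_message.mp3", "voice_message.mp3.ps1", "loader.exe"])
    for line in triage_cab(sample):
        print(line)
```

The point of working from the directory rather than extracting is that nothing from the archive runs or gets written to disk during triage; a PowerShell script or executable sitting beside a media file is enough to quarantine the message for analysis.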
Cybersecurity experts advised organisations in the region to remain alert to phishing attacks. In addition, the experts emphasised that emails from unknown sources carrying intriguing topics should be treated as red flags.
Finally, users in the Middle East and North Africa should stay alert and scan the contents of any received file with anti-malware solutions to reduce the chance of infection and avoid falling victim to the Earth Bogle campaign.
