Molerats/APT-C-37: AT&T Security has found that many reports covering events in 2019 identified Molerats and APT-C-37 as being behind a number of attacks, but because of similarities in the groups' Tactics, Techniques, and Procedures (TTPs), researchers believe some attacks were attributed incorrectly. Both groups target the Middle East and North Africa region using phishing emails that contain decoy documents in Arabic. The documents primarily related to the current political situation in the specific region that was targeted. APT-C-37 is known as the Syrian Electronic Army and has been active since 2015. Molerats has been seen carrying out attacks since 2012 and is believed to be part of the Gaza Hacker Team, specifically Cybergang Group 1. Both APT-C-37 and Molerats were attributed to multiple attacks in 2019. However, the analysis by AT&T speculates that there are enough differences in the attacks that they do not believe either group is behind them at this time.
Note: this post was originally shared on https://squiblydoo.blog/ by a member of the Binary Defense Team. In