
Desert Dexter. Attacks on Middle Eastern Countries

NetmanageIT OpenCTI - opencti.netmanageit.com


SUMMARY:

A malicious campaign targeting residents of the Middle East and North Africa has been discovered; it has been active since September 2024. The attackers create fake news groups on social media and publish posts with links to file-sharing services or Telegram channels that host modified AsyncRAT malware. The malware is designed to search for crypto wallets and interact with a Telegram bot. The most targeted countries include Egypt, Libya, UAE, Russia, Saudi Arabia, and Turkey. The attack chain involves multiple stages, including the use of PowerShell scripts and a reflective loader written in C#. The AsyncRAT modification includes an offline keylogger and collects information about crypto wallet extensions and software. The campaign has affected approximately 900 victims from various countries, including employees of companies in the oil extraction, construction, IT, and agriculture sectors.

OPENCTI LABELS:

powershell, asyncrat, crypto wallets

