Threat Group “Operation Ghoul” Targets Industrial Sectors Around the Globe

By Joseph Lorenz on August 18, 2016

Source: http://www.securityweek.com/organizations-30-countries-targeted-operation-ghoul , https://threatpost.com/operation-ghoul-targeting-middle-eastern-industrial-engineering-organizations/119928/ (SecurityWeek, Threatpost)

Threat group dubbed as Operation Ghoul has been targeting  industrial, petrochemical, naval, military, aerospace, solar energy, and other sectors. Their activities can be traced back as far as March 2015 where they have been trying to make a profit by hijacking bank accounts and stealing intellectual property to sell to interested parties. They have targeted 130 organizations in over 30 countries including Spain, Pakistan, UAE, India, Egypt, UK, Germany, and more. Most of the attacks that have been observed by Kaspersky in June have been focused toward the Middle East, particularly the United Arab Emirates.

According to researchers from Kaspersky labs, the attacks start with a malicious email coming from a spoofed address that appears to be coming from a bank. The phishing emails usually contain a compressed .7z attachment. If the attachment is opened the Hawkeye malware is triggered and it will collect passwords, keystrokes, clipboard data, FTP credentials, app license information, and account data from browsers.  The emails are usually sent to executives and other high-ranking officials in an organization, most likely in an attempt to get the highest amount of sensitive data.