Kaspersky Lab Uncovers “Operation Parliament”: A new Cyberespionage campaign Targeting Organisations in the MENA Region

Kaspersky Lab

During Kaspersky Lab’s Cyber Security Weekend for the Middle East, Turkey and Africa, a new cyberespionage campaign was announced: “Operation Parliament” is targeting high profile organisations from around the world with a focus on the Middle East and North Africa. The attacks have been active since 2017 and have targeted top legislative, executive and judicial powers, including but not limited to governmental and large private entities from the region, including the UAE, Saudi Arabia, Jordan, Palestine, Egypt, Kuwait, Qatar, Iraq, Lebanon, Oman, Djibouti and Somalia – all together company experts detected victims in 27 countries.

Kaspersky Lab experts believe that “Operation Parliament” represents a new geopolitically motivated threat actor that is highly active and skilled. Attackers are also believed to have access to an elaborate database of contacts for sensitive organisations and personnel worldwide, especially of non-trained staff. Victims of the attacks include government entities, political figures, military and intelligence agencies, media outlets, research centers, Olympic foundations and large private companies.
Kaspersky lab
Based on the findings, the attackers infiltrated their victims using malware that provides them with a remote cmd/powershell terminal that enables them to execute any scripts/commands and receive the result through http requests. The attacks have taken great care to stay under the radar and have used techniques to verify the victims’ devices before infiltrating them. Kaspersky Lab products successfully detect and block attacks conducted using these techniques.

“Operation Parliament is another symptom of the continuously developing tensions in the Middle East and North Africa. We are witnessing higher sophistication and smarter techniques used by attackers and it doesn’t look like they will stop or slow down anytime soon,” said Mohamad Amin Hasbini, Senior Security Researcher, Global Research & Analysis Team, Kaspersky Lab. “The type of people and organisations targeted in this attack campaign should elevate their levels of cyber maturity in order to mitigate such attacks in the future”, he added.

In order to prevent businesses from falling victim to such an attack, Kaspersky Lab researchers advises organisations to exert special attention and extra measures, including:
• Train staff to be able to distinguish spearphishing emails or a phishing link from legitimate emails and links.
• Use not only proven corporate-grade endpoint security solution but also a combination of specialised protection against advanced threats, such as Threat Management and Defense , which is capable of catching attacks by analysing network anomalies.
• Follow strict rules to avoid data leaks and deploy techniques to prevent insider threats.
For more details about cyberespionage campaign “Operation Parliament” please check the link to Securelist.