Stealthy ‘WIRTE’ Gang Targets Middle Eastern Governments
On Monday, Kaspersky released a report detailing its latest findings pertaining to a threat actor tracked as WIRTE. Kaspersky stated that the group has been attacking Middle Eastern governments since at least 2019, leveraging malicious Excel 4.0 macros and other tactics. Kaspersky found that the group planted Microsoft Excel droppers in hidden spreadsheets and VBA macros to launch intrusions, fingerprint systems, and execute code on infected machines. According to researchers, the technique was very similar to techniques used by the MuddyWater advanced persistent threat group. MuddyWater has also targeted government victims in the Middle East, with the goal of exfiltrating data.
In 2019, Kaspersky reported that it had observed MuddyWater hacking and stealing credentials from governmental and telco targets in the Middle East by deploying an expendable set of tools that revealed the capabilities and sophistication of MuddyWater. Although the most recent intrusions look similar to MuddyWater’s attack methods, the two use slightly different procedures and tactics. Additionally, WIRTE may have ties to the politically motivated Palestine-focused group Gaza Cybergang. The group is Arabic-speaking and was previously observed actively targeting the Middle East and North Africa. Kaspersky made the connection between WIRTE and the Gaza Cybergang with low confidence.