Today, Minerva Labs Research team and ClearSky Cyber Security published an in-depth report on a new threat actor operating in the Middle East. We dubbed the new actor "CopyKittens" because of the fact that a large portion of its “homemade” espionage framework was copied from online websites and open source projects. The group has been specifically targeting the Israeli Foreign Affairs Ministry as well as other high value targets in the country.
Our combined research team has tracked CopyKittens activity back to October 2014, when they were already using a previously unreported, "homemade" framework. Each part of the frameworks was built to integrate with its subsequent step hence we decided to name this tool ״Matryoshka״. Like the Matryoshka doll, the components of this attack tools are nested, performing multiple stages of opening before releasing the final remote access tool (RAT). This method along with other tricks used by this actor helps them avoid detection and to remain hidden while spying on individual targets.
Minerva prevents such attacks before any damage occurrs, without the need to detect or analyze it first and without prior knowledge.
Want to see us in action? - Request a demo!
Minerva – don't chase, PREVENT!
The full white paper can be downloaded from here.