Hamas-Affiliated Ashen Lepus Targets Middle Eastern Diplomatic Entities With New AshTag Malware Suite
Essential information
- Published: 11/12/2025 12:06
- Modified: 21/12/2025 18:59
- Tags: 2025-12-11 ashenloader ashenorchestrator ashenstager ashtag diplomatic espionage governmental hamas
- Related entities: 19 observables, 1 intrusion sets (apt), 16 techniques (mitre), 4 malware, 17 others
Description
The report details a long-running espionage campaign by Ashen Lepus, a Hamas-affiliated threat group, targeting governmental and diplomatic entities in the Middle East. The group has developed a new malware suite called AshTag, which includes enhanced custom payload encryption, infrastructure obfuscation, and in-memory execution. Ashen Lepus has expanded its targeting beyond traditional geographic boundaries, now including entities in Oman and Morocco. The AshTag malware suite employs a multi-stage infection chain, utilizing decoy PDFs and RAR archives to deliver its payloads. The group has also updated its C2 architecture to evade detection and blend with legitimate traffic.