Supposed Grasshopper: operators impersonate Israeli government and private companies to deploy open-source malware
Essential information
- Published
- 28/06/2024 14:58
- Modified
- 28/06/2024 15:27
- Tags
- 2024-06-28 donut golang impersonation open-source sliver virtual disk wordpress
- Related entities
- 18 observables, 9 techniques (mitre), 2 malware
Description
A long-running campaign was identified involving malicious actors impersonating Israeli entities and private companies. The operators delivered payloads through crafted WordPress sites, employing a mix of custom code and open-source malware like Donut and Sliver. While the motivations remain unclear, the activities illustrate the challenges of distinguishing legitimate penetration testing from malicious operations, especially when targeting government bodies. The investigation highlights the increasing adoption of publicly available attack tools and the need for greater transparency in the cybersecurity industry.