216.73.217.19

Supposed Grasshopper: operators impersonate Israeli government and private companies to deploy open-source malware

· Published 28/06/2024 14:58 · Modified 28/06/2024 15:27

Export JSON

Essential information

Published
28/06/2024 14:58
Modified
28/06/2024 15:27
Tags
2024-06-28 donut golang impersonation open-source sliver virtual disk wordpress
Related entities
18 observables, 9 techniques (mitre), 2 malware

Description

A long-running campaign was identified involving malicious actors impersonating Israeli entities and private companies. The operators delivered payloads through crafted sites, employing a mix of custom code and malware like and . While the motivations remain unclear, the activities illustrate the challenges of distinguishing legitimate penetration testing from malicious operations, especially when targeting government bodies. The investigation highlights the increasing adoption of publicly available attack tools and the need for greater transparency in the cybersecurity industry.

External references