July 19, 2024 at 06:33AM
A pro-Houthi threat group known as OilAlpha targeted humanitarian organizations in Yemen with Android spyware, posing as entities like CARE International and the Norwegian Refugee Council. Recorded Future’s Insikt Group noted that the group seeks to gather sensitive data and carry out espionage, possibly to control aid delivery. This follows prior surveillanceware operations linked to Houthi-aligned threat actors.
The key takeaways are:
1. A suspected pro-Houthi threat group, OilAlpha, targeted humanitarian organizations in Yemen with Android spyware to gather sensitive information.
2. The attacks leveraged malicious mobile apps masquerading as legitimate organizations like CARE International and the Norwegian Refugee Council (NRC).
3. These apps contained the SpyMax trojan, which requested intrusive permissions to facilitate the theft of victim data.
4. The threat group also employed a credential harvesting component using fake login pages to gather users’ login information for espionage purposes.
5. It is speculated that the targeting is aimed at intelligence-gathering to control the movement and delivery of international humanitarian assistance.
6. Another Houthi-aligned threat actor was implicated in a separate surveillanceware operation using an Android data-gathering tool called GuardZoo.
These takeaways highlight the concerning cyber targeting of humanitarian organizations in the Middle East and its potential impact on aid delivery and espionage efforts.