CyberSecurity SEE

Yemeni Aid Workers Targeted by Houthi-Backed Spyware Campaign

An ongoing spyware campaign on behalf of the pro-Houthi movement has been targeting attendees of Saudi government-led negotiations on Yemen, as well as aid workers who are working to stabilize the region. The threat group OilAlpha has been using messenger applications like WhatsApp to socially engineer its targets into downloading a malicious Android application. The app comes loaded with remote access Trojans (RATs) like SpyNote and SpyMax, according to Insikt Group researchers who have been monitoring this activity since May 2022.

However, it is not just the tactics that are of concern here; the group’s use of infrastructure linked back to the Public Telecommunication Corporation (PTC), a business owned by the Yemeni government, has raised eyebrows. According to the report, the PTC is under the control of Houthi-aligned officials, making it seem as if there may be government support for this nefarious activity.

“The group’s operations have reportedly included targeting persons attending Saudi Arabian government-led negotiations; coupled with the use of spoofed Android applications mimicking entities tied to the Saudi Arabian government, and a UAE humanitarian organization (among others),” the report stated. “As of this writing, we suspect that the attackers targeted individuals the Houthis wanted direct access to.”

These kinds of attacks are not new, and they pose a significant threat to the stability and security of the entire region. Yemen has been struggling for years due to an ongoing civil war, and the involvement of multiple foreign powers has only served to escalate tensions. The Saudi-led coalition and Houthi rebels have been battling for control of the country since 2014, causing a humanitarian crisis with countless innocent civilians caught in the crossfire.

Thus, the fact that groups acting on behalf of the pro-Houthi movement are actively targeting those working toward stability is particularly concerning. The targeted individuals are trying to make a difference and improve the situation in Yemen, yet they are being undermined by cybercriminals seeking to gain access to their sensitive information.

Unfortunately, it is not just the aid workers and attendees of the Saudi-led negotiations that are at risk. Anybody who uses messaging applications like WhatsApp is potentially vulnerable to similar attacks. Social engineering tactics are a popular way for cybercriminals to gain access to sensitive information, whether it is personal or corporate. Thus, it is essential to remain vigilant and exercise caution when using messaging apps or downloading unknown applications.

Furthermore, the fact that the attackers have been using infrastructure linked to the Yemeni government raises important questions about the government’s role in this activity. Are they turning a blind eye to the activities of rogue groups, or are they actively supporting them? Either way, it is essential to take immediate action to prevent further attacks and to hold those responsible accountable for their actions.

In conclusion, the ongoing spyware campaign targeting attendees of Saudi government-led negotiations on Yemen and aid workers working to stabilize the region poses a significant threat to the entire region’s stability and security. These individuals are trying to make a difference and improve the situation in Yemen, yet they are being undermined by cybercriminals seeking to gain access to their sensitive information. As such, it is crucial to remain vigilant and exercise caution when using messaging apps or downloading unknown applications. Additionally, the government needs to take immediate action to prevent further attacks and to hold those responsible accountable for their actions.
