A Hamas-affiliated group, Ashen Lepus, continues its persistent cyber-espionage activities amidst ongoing conflict, significantly upgrading its malware capabilities with the new AshTag suite. The group's evolving tactics include sophisticated evasion techniques and expanded targeting across Arabic-speaking nations, emphasizing the strategic importance of their digital operations. #AshenLepus #AshTag
Key points
- Ashen Lepus maintained active cyber operations throughout the Israel-Hamas conflict despite kinetic warfare disruptions.
- The group developed an advanced modular malware suite called AshTag to enhance operational efficiency and evade detection.
- The infection chain involves sophisticated methods like decoy PDFs, malicious DLL loading, and memory-only payload execution.
- Its targets have expanded from neighboring countries to include other Arabic-speaking nations such as Oman and Morocco.
- Ashen Lepus actively conducts reconnaissance and data theft, using tools like Rclone to exfiltrate sensitive diplomatic documents covertly.