[Cyware] Researchers catch Yemeni hackers spying on Middle East military phones

Summary: A Yemeni hacking group affiliated with the Houthi movement has been installing surveillance software on the phones of military personnel in the Middle East, including Saudi Arabia, Egypt, and the United Arab Emirates.

Threat Actor: Yemen’s Houthi movement
Victim: Military personnel in the Middle East

Key Points:

  • A Yemeni hacking group affiliated with the Houthi movement has installed surveillance software on the phones of over 450 individuals in Yemen, Saudi Arabia, Egypt, Oman, the United Arab Emirates, Qatar, and Turkey.
  • This demonstrates how mobile devices have become a target in conflicts worldwide, highlighting the increasing use of cyber weapons.

A Yemeni hacking group is eavesdropping on the phones of military personnel in the Middle East, the latest sign of how surveillance has gone mobile in conflicts across the world, researchers say.

In a report published Tuesday, researchers from the cybersecurity firm Lookout say hackers affiliated with Yemen’s Houthi movement, the militant group that controls most of the country, have successfully installed surveillance software on phones belonging to more than 450 people in their home country as well as in Saudi Arabia, Egypt, Oman, the United Arab Emirates, Qatar and Turkey.

“It just shows how mobile as a threat really has made it into every conflict on Earth as a cyber target,” said Christoph Hebeisen, the director of security intelligence research at Lookout. “Yemen always seems like a small and not very advanced place, and they don’t have great means, yet they managed to create this kind of cyber weapon.”

The Houthi operation kicked off in 2019 and targets Android phones belonging to military personnel of interest to the group, Lookout said. It relies on GuardZoo, a version of the Dendroid malware that leaked online a decade ago, that can collect data from phones such as photos, documents and files related to marked locations, according to Lookout.


The Houthi movement came to international prominence in 2014 when it launched a military campaign against the then-government, causing its collapse and setting off a subsequent humanitarian crisis. The group is backed by Iran and has spent years fighting a Saudi-backed military force. More recently, the group has carried out crippling attacks on international shipping passing through the Strait of Hormuz in retaliation for Israel’s military campaign in Gaza. 

The Houthis have in recent years embraced the use of cyber capabilities. Last year, researchers with Recorded Future observed a hacking group with likely ties to the Houthis carrying out a digital espionage campaign that relied on WhatsApp to send malicious lures to its targets. 

The activity described in Tuesday’s Lookout report also relied on WhatsApp, in addition to direct browser downloads, to infect its targets, but Lookout said its researchers had not previously observed activity from the group behind the campaign. Of particular interest to the group are maps that might reveal the locations of military assets, said Lookout’s senior security researcher, Alemdar Islamoglu.

“The campaign mostly uses military themes to lure victims, but Lookout researchers also observed that religion and other themes are being used,” the report says, citing examples such as a religious-themed prayer app or military-themed apps.

Also on Tuesday, Recorded Future released a report on the likely pro-Houthi group it dubbed OilAlpha. The firm said the group continues to target humanitarian organizations in Yemen, with affected organizations including CARE International and the Norwegian Refugee Council.


This story was updated July 9, 2024, with details about a Recorded Future report.

Source: https://cyberscoop.com/researchers-catch-yemeni-hackers-spying-on-middle-east-military-phones
