A “persistent attacker group” with alleged ties to Hezbollah has retooled its malware arsenal with a new version of a remote access Trojan (RAT) to break into companies worldwide and extract valuable information.
In a new report published by the ClearSky research team on Thursday, the Israeli cybersecurity firm said it identified at least 250 public-facing web servers since early 2020 that have been hacked by the threat actor to gather intelligence and steal company databases.
The orchestrated intrusions hit a slew of companies located in the U.S., the U.K., Egypt, Jordan, Lebanon, Saudi Arabia, Israel, and the Palestinian Authority, with a majority of the victims representing telecom operators (Etisalat, Mobily, Vodafone Egypt), internet service providers (SaudiNet, TE Data), and hosting and infrastructure service providers (Secured Servers LLC, iomart).
First documented in 2015, Volatile Cedar (or Lebanese Cedar) has been known to penetrate a large number of targets using various attack techniques, including a custom-made malware implant codenamed Explosive.
Volatile Cedar has been previously suspected of Lebanese origins — specifically Hezbollah’s cyber unit — in…