
Earth Bogle: Campaigns Target the Middle East with Geopolitical Lures

While threat hunting, Trend Micro found an active campaign that uses Middle Eastern geopolitical themes as a lure to target potential victims in the Middle East and Africa. The threat actor, tracked as Earth Bogle, uses public cloud storage services such as files.fm and failiem.lv to host malware, while compromised web servers distribute NjRAT.
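The hosting pattern above (payloads staged on public cloud storage rather than on attacker-owned infrastructure) is something a defender can hunt for in outbound web-proxy logs. The following is an added example written for this page, not code from Trend Micro, AlienVault or any vendor: it scans constructed proxy log lines for downloads from the two storage hosts named in the report, including their subdomains, and flags paths whose extension looks like a delivered payload. The log format, the sample lines and the list of payload-like extensions are all assumptions for illustration; adapt the parser to your own proxy format.

```python
"""Hunt web-proxy log lines for downloads from public cloud storage hosts
of the kind Earth Bogle is reported to abuse (files.fm and failiem.lv).

Added example for this page; not Trend Micro's or AlienVault's code. The
log format, sample lines and extension list are constructed assumptions.
"""
from urllib.parse import urlsplit

# Hosts named in the report. Any subdomain of these is matched as well.
WATCH_DOMAINS = ("files.fm", "failiem.lv")

# Extensions that commonly carry a first-stage payload (assumption, not
# something the report enumerates).
SUSPICIOUS_EXT = (".exe", ".scr", ".zip", ".rar", ".iso", ".lnk", ".js", ".vbs")


def host_matches(host, domains=WATCH_DOMAINS):
    """True if host equals one of the watched domains or is a subdomain of
    one. Suffix matching is anchored on a dot so 'notfiles.fm' is not a hit."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def parse_line(line):
    """Parse one constructed proxy record:
    '<timestamp> <client_ip> <method> <url> <status> <bytes>'.
    Returns None for lines that do not fit the format."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, client, method, url, status, size = parts
    return {"ts": ts, "client": client, "method": method, "url": url,
            "status": int(status), "bytes": int(size)}


def find_cloud_storage_downloads(lines, domains=WATCH_DOMAINS):
    """Return the records whose URL host is a watched cloud storage domain.
    Each hit carries the matched host and a payload_like flag based on the
    URL path extension."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        url = urlsplit(rec["url"])
        if not host_matches(url.hostname or "", domains):
            continue
        rec["host"] = url.hostname
        rec["payload_like"] = url.path.lower().endswith(SUSPICIOUS_EXT)
        hits.append(rec)
    return hits


def payload_downloads(hits):
    """Subset of hits worth triaging first: a payload-like file fetched
    from a watched host."""
    return [h for h in hits if h["payload_like"]]


# Constructed sample log; the URLs, addresses and timestamps are made up.
SAMPLE_LOG = """\
2023-01-10T09:12:03Z 10.0.0.15 GET https://files.fm/u/abcd1234/Meeting_Agenda.zip 200 412233
2023-01-10T09:12:05Z 10.0.0.15 GET https://cdn.example.com/site.css 200 1812
2023-01-10T09:13:41Z 10.0.0.22 GET https://failiem.lv/u/efgh5678/ 200 7001
2023-01-10T09:14:02Z 10.0.0.22 GET https://www.files.fm/thumb/xyz.png 200 2048
2023-01-10T09:15:00Z 10.0.0.31 GET https://notfiles.fm/download.exe 200 99
""".splitlines()


if __name__ == "__main__":
    for h in find_cloud_storage_downloads(SAMPLE_LOG):
        flag = "PAYLOAD?" if h["payload_like"] else "review"
        print(f"{h['ts']} {h['client']} {h['host']} {h['url']} [{flag}]")
```

A hit on these hosts is not proof of compromise, since both services have legitimate users; the value is in correlating the download with what the client did next (a new process tree, a connection to an unfamiliar server) and in blocking or alerting on the archive and executable paths first.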

The threat actor has left a few campaign signposts in the past. In particular, the campaign has targeted universities located in Africa and the Middle East and used them as C&C infrastructure. In one case, the malware sample XtremMonitor was distributed through a university's website, which itself sat behind a public cloud storage service. The C&C was running on a compromised Linux server whose IP address resolved to "Tuindari," likely infrastructure obtained from a compromised company. Based on this theme, Trend Micro named the campaign 'Earth Bogle' (E-Bogle).

The domain names Earth Bogle has used in the past point to targeting of Egypt, Algeria and Sudan.

The malware used by E-Bogle serves three purposes: gathering information about infected systems, exfiltrating data, and earning cryptocurrency through a distributed mining operation. The XtremMonitor malware has been found in Egypt and Sudan, while QulmMonitor was found exclusively in Egypt.

Source: Earth Bogle: Campaigns Target the Middle East with Geopolitical Lures - AlienVault - Open Threat Exchange
