Free Phone Consultation For New Clients | CONTACT NOW

Earth Bogle: Campaigns Target the Middle East with Geopolitical Lures

While threat hunting, Trend Micro found an active campaign using Middle Eastern geopolitical themes as a lure to target potential victims in the Middle East and Africa. Earth Bogle, the threat actor uses public cloud storage services such as and to host malware, while compromised web servers distribute NjRAT.

The threat actor used a few campaign signposts in the past. In particular, the campaign has been targeting universities located in Africa and Middle East with C&C infrastructure. In one case, malware sample XtremMonitor was distributed via university's website, which is also behind a public cloud storage service. The C&C was running on a compromised Linux server with an IP address translated to "Tuindari," likely obtained from a compromised company. Based on this theme, we named this campaign as 'Earth Bogle' (E-Bogle).

The domain names used by Earth Bogle in the past are targeting Egypt, Algeria and Sudan.

The purposes of the malware used by E-Bogle are to obtain information about infected systems, exfiltrate data and obtain cryptocurrency via a distributed mining operation. XtremMonitor malware has been found in Egypt and Sudan; while QulmMonitor was found exclusively in Egypt.

Source: Earth Bogle: Campaigns Target the Middle East with Geopolitical Lures - AlienVault - Open Threat Exchange

Need secure managed IT for your business?