 |
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
|
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
APT group: Operation Electric Powder| Names | Operation Electric Powder (ClearSky) | |
| Country | [Unknown] | |
| Motivation | Information theft and espionage | |
| First seen | 2016 | |
| Description | (ClearSky) From April 2016 until at least February 2017, attackers have been spreading malware via fake Facebook profiles and pages, breached websites, self-hosted and cloud based websites. Various artifacts indicate that the main target of this campaign is IEC – Israel Electric Company. These include domains, file names, Java package names, and Facebook activity. We dubbed this campaign “Operation Electric Powder“. Israel Electric Company (also known as Israel Electric Corporation) “is the largest supplier of electrical power in Israel. The IEC builds, maintains, and operates power generation stations, sub-stations, as well as transmission and distribution networks. The company is the sole integrated electric utility in the State of Israel. It installed generating capacity represents about 75% of the total electricity production capacity in the country.” It is notable that the operational level and the technological sophistication of the attackers are not high. Also, they are having hard time preparing decoy documents and websites in Hebrew and English. Therefore, in most cases a vigilant target should be able to notice the attack and avoid infection. We do not have indication that the attacks succeeded in infecting IEC related computers or stealing information. Currently we do not know who is behind Operation Electric Powder or what its objectives are. Also see WildCard. This actor is reported as potentially linked to the threat actor known as Molerats, Extreme Jackal, Gaza Cybergang, but no strong evidence has been found. | |
| Observed | Sectors: Energy. Countries: Israel. | |
| Tools used | SysJoker. | |
| Information | <https://www.clearskysec.com/iec/> | |
Last change to this card: 30 November 2023
Download this actor card in PDF or JSON format
Previous: Operation Earth Kitsune
Next: Operation EmailThief, TEMP_Heretic
|
Digital Service Security Center Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1227 | |
 |
[email protected] | |