ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Home > List all groups > The Big Bang

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: The Big Bang

NamesThe Big Bang (Check Point)
MotivationInformation theft and espionage
First seen2017
Description(Talos) Talos continuously monitors malicious emails campaigns. We identified one specific spear phishing campaign launched against targets within Palestine, and specifically against Palestinian law enforcement agencies. This campaign started in April 2017, using a spear phishing campaign to deliver the MICROPSIA payload in order to remotely control infected systems. Although this technique is not new, it remains an effective technique for attackers.

The malware itself was developed in Delphi; in this article, we describe the features and the network communication to the command and control server used by the attackers. The threat actor has chosen to reference TV show characters and include German language words within the attack. Most significantly, the attacker has appeared to have used genuine documents stolen from Palestinian sources as well as a controversial music video as part of the attack.

(Check Point) While the APT has gone through significant upgrades over the past year, the conductors of these campaigns maintained evident fingerprints, both in the delivery methods and malware development conventions. These unique traces assisted us in correlating the current wave to past attacks, and may also have some resemblance to attacks related to the Molerats, Extreme Jackal, Gaza Cybergang APT group.
ObservedSectors: Law enforcement and others.
Countries: Palestine and Middle East.
Tools usedMicropsia.

Last change to this card: 15 April 2020

Download this actor card in PDF or JSON format

Previous: Berserk Bear, Dragonfly 2.0
Next: Bitter

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]