Syrian Hackers Increase Remote Access Trojan (RAT) Attacks

August 25, 2014

The Global Research & Analysis Team (GReAT) at Kaspersky Lab has discovered new malware attacks in Syria, using some techniques to hide and operate malware, in addition to proficient social engineering tricks to deliver malware by tricking and tempting victims to open and launch malicious files. The malware files were found on activist sites and social networking forums, some other files were also reported by local organizations like CyberArabs and Technicians for Freedom.

Security researchers have found evidence that Syrian hackers are increasing their efforts to conduct Remove Access Trojan (RAT) attacks via social networks, YouTube, email, and Skype. According to Kaspersky Lab, the hackers often trick victims into downloading malware on to their computers.

Thus far the hackers mostly target Syrian activist groups and citizens, although there are reports of attacks in other Middle East countries as well as France, the U.S., Morocco, and Turkey.

The Syrian hacker groups involved appear to be “Team Hacker and Assad Penetrations Unit”; “Anonymous Syria Al-Assad Unit”; and “Management of Electronic Monitoring and Central Tracking Unit.”

The number of attacks and malicious files being distributed is constantly increasing as the attackers become more organized and proficient. The samples are all based on Remote Administration Trojan Tools (RATs)
The number of malicious files found as of this writing: 110
The number of domains linked to the attacks: 20
The number of IP addresses linked to the attacks: 47

Source:;,  August 18, 2014.