Sourcebase Reports

Country briefing exerts and analysis from KCS Group

Israeli Public Sector Targeted by Zeus Trojan Campaign

                                               KCS IS Cyber Intelligence Alert

                                                          13th October 2015  


Threat Alert:

Israeli Public Sector Targeted by Zeus Trojan Campaign                                            

Overview                                                                                                                                  Threat Level: 2

A series of attacks have been identified targeting the Israeli public sector.   In this particular case the hackers were using MWI (Microsoft Word Intruder) exploit kit to deliver modified version of the Zeus info-stealing Trojan on infected PC’s.


Security researchers at Check Point made the discovery, after a high profile client submitted a malicious RTF file for analysis. The file had been received by multiple employees via spam email, and the security firm found that it had been sent to multiple people working for various public sector organizations.

According to the security firm, the malicious campaign targeted over 200 machines across 15 distinct Israeli firms and institutions, including government agencies, security industry firms, municipal agencies, research institutions and even hospitals. Almost half of the attacks in this campaign were targeted at Israeli organizations, and Check Point suggests that they might have been politically motivated.

The RTF document was found to be infected with the Zeus Trojan, which is usually targeted at enterprise environments to steal passwords, financial credentials, FTP login details, cookies, mail settings, and other authentication details. Moreover, Check Point explains that the malicious document was auto-generated by Microsoft Word Intruder (MWI), a well-known exploit kit.


This further emphasizes the need to educate employees on the danger of opening documents attached to emails. This happened because, after receiving a malicious RTF file via the aforementioned spam email, employees opened it and the payload was executed.

On a more general warning this large-scale campaign has been launched with ‘off-the-shelf’ materials such as MSI and vanilla Zeus showing how attacks can be both widespread and deadly to the sector targeted without the need for new types of malware.


The actions are as always to ensure you have adequate security to deal with malicious external email attachments and an educated work force that is aware of the danger of opening documents sent from external sources. A new awareness of sector-based attacks on this scale with political motives can change the landscape as your business or specific employees may be caught up with this.

For more information please contact:

Tony Sweeney

Director KCS IS, KCS Group Europe Ltd



This entry was posted on October 13, 2015 by in Uncategorized.
%d bloggers like this: