Yemen-based humanitarian and human rights organizations CARE International, the King Salman Humanitarian Aid and Relief Centre, and the Norwegian Refugee Council have been targeted by suspected Houthi-aligned threat operation OilAlpha in attacks deploying the Android spyware SpyNote, also known as SpyMax, since early June, The Hacker News reports.
Malicious Android APK files purporting to be from legitimate organizations have been distributed by OilAlpha via WhatsApp to facilitate victim data theft with the SpyNote trojan, a report from Recorded Future's Insikt Group showed. Credential harvesting was also involved in the attacks by OilAlpha, which follow the delivery of GuardZoo surveillance tool in a separate intrusion by another pro-Houthi actor. "Houthi militants have continually sought to restrict the movement and delivery of international humanitarian assistance and have profited from taxing and re-selling aid materials. One possible explanation for the observed cyber targeting is that it is intelligence-gathering to facilitate efforts to control who gets aid and how it is delivered," said Recorded Future researchers.
