Organizations across the Middle East have been targeted with cyberattacks by threat actors aligned with Houthi, a Yemeni Shia Islamist movement, reports The Record, a news site by cybersecurity firm Recorded Future.
Attacks with the GuardZoo surveillance tool have been launched by a pro-Houthi threat operation to exfiltrate documents and photos from Middle Eastern militaries since 2019, with most of the over 450 compromised IP addresses based in Yemen, Saudi Arabia, Egypt, and Oman, an analysis from Lookout showed. WhatsApp and browser downloads have been primarily leveraged by threat actors to spread the GuardZoo spyware, which also features device location and configuration identification, as well as arbitrary app installation capabilities, according to Lookout researchers. Meanwhile, another report from Recorded Future revealed that human rights and humanitarian entities in Yemen, including the Norwegian Refugee Council and CARE International, have been subjected to credential and intelligence theft attacks by Houthi-aligned operation OilAlpha.
