A new cyberespionage campaign, Operation Parliament, is targeting high-profile organisations from around the world with a focus on the Middle East and North Africa.
The attacks have been active since 2017 and have targeted top legislative, executive and judicial powers, including but not limited to governmental and large private entities from 27 countries across the region.

Kaspersky Lab experts believe that Operation Parliament represents a new geopolitically-motivated threat actor that is highly active and skilled.

Attackers are also believed to have access to an elaborate database of contacts for sensitive organisations and personnel worldwide, especially of non-trained staff.

Victims of the attacks include government entities, political figures, military and intelligence agencies, media outlets, research centers, Olympic foundations and large private companies.

Based on the findings, the attackers infiltrated their victims using malware that provides them with a remote cmd/powershell terminal that enables them to execute any scripts/commands and receive the result through http requests.

The attacks have taken great care to stay under the radar and have used techniques to verify the victims’ devices before infiltrating them.

“Operation Parliament is another symptom of the continuously developing tensions in the Middle East and North Africa. We are witnessing higher sophistication and smarter techniques used by attackers and it doesn’t look like they will stop or slow down anytime soon,” says Mohamad Amin Hasbini, senior security researcher at Kaspersky Labs’ Global Research & Analysis Team. “The type of people and organisations targeted in this attack campaign should elevate their levels of cyber maturity in order to mitigate such attacks in the future.”