Threat Intelligence Tarot
Vol. II · 124
Middle East (Hamas-aligned, suspected)
G0090
risk 3/5
The Quiet Hand
WIRTE
MoleRATs subgroup · Gaza Cybergang subgroup
Middle East governments · Diplomatic missions · Palestinian Authority adversaries
Active since ~2018 · Regional political intelligence, Diplomatic surveillance
The Quiet Hand reaches across the negotiation table. Each lure is dressed in the regional politics of the day, and the recipient's anger or sympathy makes the click feel inevitable.
Tactics & Techniques
  • T1566.001 · Spearphishing Attachment · Initial Access
  • T1059.005 · Visual Basic · Execution
  • T1547.001 · Registry Run Keys · Persistence
  • T1071.001 · Web Protocols · Command and Control
  • T1027 · Obfuscated Files or Information · Defense Evasion
  • T1083 · File and Directory Discovery · Discovery
Notable Operations
  • Themed lures around regional political events
  • IronPython loader chain (Kaspersky disclosure)
  • Middle East diplomatic and government targeting
  • Long-running campaigns against regional opposition figures
Defenses
  • Region-specific phishing training reflecting current political lures
    NIST CSF: PR.AT
  • VBA macro restrictions for documents from external sources
    Microsoft Office Security Baseline
  • Endpoint detection tuned for IronPython and unusual interpreter usage
    MITRE D3FEND
  • Diplomatic mission threat briefings on regional operator TTPs
    NIST CSF: ID.RA
Reversed: Their Weakness
Cultural and political-context awareness in security training, paired with macro restrictions, removes the lure's emotional leverage. Defenders who understand the politics see the phish.

Data sourced from MITRE ATT&CK. For educational purposes.