Pro-Houthi hacking group targets foreign entities

OilAlpha has ties to Yemen’s Houthi militia

A group that appears to support the Houthis in Yemen is targeting organizations working in the region with malicious Android-based apps.

A hacking group known as OilAlpha with likely ties to Yemen’s Houthi movement has targeted humanitarian groups, media outlets and nonprofits in the Arabian Peninsula via WhatsApp as part of a digital espionage campaign, according to a new report by cybersecurity firm Recorded Future.

From April to May 2022, just as Saudi Arabia hosted negotiations between Yemeni leaders involved in the nearly decade-long civil war, OilAlpha sent malicious Android files through WhatsApp to political representatives and journalists, the firm noted. The hacking group appears to favor using remote access tools to install mobile spyware such as SpyNote and SpyMax.

The firm said that OilAlpha will likely continue using malicious Android-based apps to “target entities that share an interest in Yemen’s political and security developments and the humanitarian and NGO sectors that operate in Yemen.”

Both SpyNote and SpyMax include the ability to access “call logs, SMS data, contact information, network information, access to the device’s camera and audio, as well as GPS location data, among others,” the report noted. OilAlpha similarly focuses on Android phones that are more widely available in the region.

OilAlpha mostly used the Yemeni-owned Public Telecommunication Corporation, which is likely under the control of Houthi authorities, Recorded Future said. Additionally, the group almost exclusively used dynamic DNS, which served as another indicator for attribution, Recorded Future noted.
