Molerats APT – also known as Moonlight, Extreme Jackal, and Gaza Hackers Team – have been active since 2012. They made headlines in 2012 when they conducted a cyberattack against Israeli government. The targeted nations expanded to include Palestine, U.S., and also the UK. Molerats is a politically motivated nation-state actor that is conducting cyber espionage using three new malware variants:
Molerats use Dropbox, Google Drive, and other legitimate services to drop spyware for cyber espionage against the Middle-East.
They use content written in the Arabic language related to the Palestinian conflict with Israel which encloses a macro that can execute a PowerShell command for fetching malware