A Houthi hacking group is eavesdropping on the phones of military personnel in the Middle East, the latest sign of how surveillance has gone mobile in conflicts across the world, researchers say.
In a report published recently, researchers from the cybersecurity firm Lookout say hackers affiliated with Houthi rebels have successfully infected surveillance software on phones belonging to more than 450 people in their home country as well as in Saudi Arabia, Egypt, Oman, the United Arab Emirates, Qatar and Turkey.
“It just shows how mobile as a threat really has made it into every conflict on Earth as a cyber target,” said Christoph Hebeisen, the director of security intelligence research at Lookout. “Yemen always seems like a small and not very advanced place, and they don’t have great means, yet the Houthies managed to create this kind of cyber weapon.”
According to the report the Houthi operation kicked off in 2019 and targets Android phones belonging to military personnel of interest to the group. It relies on a version of the Dendroid malware that leaked online a decade ago —dubbed GuardZoo — that can collect data from phones such as photos, documents and files related to marked locations, according to Lookout.
The Houthis have in recent years embraced the use of cyber capabilities. Last year, researchers with Recorded Future observed a hacking group with likely ties to the Houthis carrying out a digital espionage campaign that relied on WhatsApp to send malicious lures to its targets.
The activity described in the Lookout report also relied on WhatsApp, in addition to direct browser downloads, to infect its targets, but Lookout said its researchers had not previously observed activity from the group behind the campaign.
Of particular interest to the group are maps that might reveal the locations of military assets, said Lookout’s senior security researcher, Alemdar Islamoglu.
“The campaign mostly uses military themes to lure victims, but Lookout researchers also observed that religion and other themes are being used,” the report says, citing examples such as a religious-themed prayer app or military-themed apps.
Recorded Future also released a report on the likely pro-Houthi group it dubbed OilAlpha. The firm said the group continues to target humanitarian organizations in Yemen, with affected organizations including CARE International and the Norwegian Refugee Council.