Part 2/16:
The investigation began unexpectedly late one April night when an Israeli CERT reached out about an attempted attack. The activity appeared to be the work of advanced persistent threat (APT) actors. The team’s initial plan was straightforward: analyze what appeared to be a targeted spear-phishing campaign. However, as the analysis deepened, it quickly became evident that the operation was more sophisticated and more dangerous than typical cybercrime.