Supposed Grasshopper operators impersonate Israeli government and private companies to deploy open-source malware
A long-running campaign was identified involving malicious actors impersonating Israeli entities and private companies. The operators delivered payloads through crafted WordPress sites employing a mix of custom code and open-source malware like Donut and Sliver. While the motivations remain unclear the activities illustrate the challenges of distinguishing legitimate penetration testing from malicious operations especially when targeting government bodies. The investigation highlights the increasing adoption of publicly available attack tools and the need for greater transparency in the cybersecurity industry.