VERY IMPORTANT

The report details a long-running espionage campaign by Ashen Lepus, a Hamas-affiliated threat group, targeting governmental and diplomatic entities in the Middle East. The group has developed a new malware suite called AshTag, which includes enhanced custom payload encryption, infrastructure obfuscation, and in-memory execution. Ashen Lepus has expanded its targeting beyond traditional geographic boundaries, now including entities in Oman and Morocco. The AshTag malware suite employs a multi-stage infection chain, utilizing decoy PDFs and RAR archives to deliver its payloads. The group has also updated its C2 architecture to evade detection and blend with legitimate traffic.