The Palestinian threat actor Molerats targeted Middle Eastern governments, foreign policy think tanks, and a state-affiliated airline with spear-phishing emails containing a remote access Trojan. To avoid detection, Molerats used geofencing and URL redirects to legitimate sites. The hackers masqueraded as the site Quora and also created target-specific lures that it delivered to organizations in the form of Dropbox and WordPress URLs.