Another cyber espionage campaign found targeting Iran

BOSTON (Reuters) – Security experts have uncovered an ongoing cyber espionage campaign targeting Iran and other Middle Eastern countries that they say stands out because it is the first such operation using communications tools written in Persian.

Israeli security company Seculert and Russia’s Kaspersky Lab said on Tuesday that they identified more than 800 victims of the operation. The targets include critical infrastructure companies, engineering students, financial services firms and government embassies located in five Middle Eastern countries, with the majority of the infections in Iran.

Seculert and Kaspersky declined to identify specific targets of the campaign, which they believe began at least eight months ago. They said they did not know who was behind the attacks or if it was a nation state.

“It’s for sure somebody who is fluent in Persian, but we don’t know the origin of those guys,” said Seculert Chief Technology Officer Aviv Raff.

The Mahdi Trojan lets remote attackers steal files from infected PCs and monitor emails and instant messages, Seculert and Kaspersky said. It can also record audio, log keystrokes and take screen shots of activity on those computers.

The firms said they believed multiple gigabytes of data have been uploaded from targeted machines.

“Somebody is trying to build a dossier of a larger scale on something,” Raff said. “We don’t know what they are going to do at the end.”

Researchers have previously said that nation states were almost certainly behind the Flame virus, which was discovered earlier this year, and Duqu, which was uncovered in 2011.

Seculert and Kaspersky dubbed the campaign Mahdi, a term referring to the prophesied redeemer of Islam, because evidence suggests the attackers used a folder with that name as they developed the software to run the project.

They also included a text file named mahdi.txt in the malicious software that infected target computers.

(Reporting by Jim Finkle; Editing by Lisa Von Ahn)
