
 

Symantec Discovers New Cyber Espionage Campaign

Symantec Discovers New Cyber Espionage Campaign Targeting Middle Eastern Government and Business Organisations
Leafminer Attack Group Attempts to Infiltrate Targets Through Various Means of Intrusion

AUCKLAND – 15 August 2018 – Symantec Corp. (NASDAQ: SYMC), the world’s leading cyber security company, announced the new discovery of a cyber espionage campaign from a group called Leafminer, which has been targeting government organisations and business verticals across the Middle East since at least early 2017.

Leafminer attempts to infiltrate target networks using three main techniques for intrusion: watering hole websites, vulnerability scans of network services on the internet, and brute force/dictionary login attempts. The group’s post-compromise toolkit suggests that it is looking for email data, files, and database servers on compromised target systems.

“Leafminer’s interest in email data indicates that espionage is the primary motivation,” said Einar Oftedal, vice president, Detection Research at Symantec. “The group is highly active and uses publicly available tools that don’t generally set off alerts, along with its own custom malware. They have bold ambitions and are eager to learn from more advanced threat actors, as seen by their mimicking of Dragonfly’s watering hole technique.”

During the investigation of Leafminer, Symantec discovered a list of 809 targets used by the attackers for vulnerability scans. Target regions included in the list were Saudi Arabia, United Arab Emirates, Qatar, Kuwait, Bahrain, Egypt, Israel and Afghanistan. The primary industries under attack include governments, the financial sector and the energy sector.

Given Leafminer’s list of targeted organisations was written in the Iranian language Farsi and the web shell used to set up its arsenal server was authored by MagicCoder, a notorious hacker handle linked to Iranian hacking forums and the Sun Army hacker group, Leafminer appears to be based in Iran.

Symantec has been protecting its customers against Leafminer and provides the following protections against these attacks:
Backdoor.Sorgu
Trojan.Imecab

For more information, visit https://www.symantec.com/blogs/threat-intelligence/leafminer-espionage-middle-east.

© Scoop Media

 
 
 