World Video | Defence | Foreign Affairs | Natural Events | Trade | NZ in World News | NZ National News Video | NZ Regional News | Search

 

Tortoiseshell Group Targets IT Providers in Saudi Arabia

Tortoiseshell Group Targets IT Providers in Saudi Arabia in Probable Supply Chain Attacks

Previously undocumented group hits IT providers in the Middle East

A previously undocumented attack group is using both custom and off-the-shelf malware to target IT providers in Saudi Arabia in what appear to be supply chain attacks with the end goal of compromising the IT providers’ customers.

This activity indicates the attackers had achieved domain admin level access on these networks, meaning they had access to all machines on the network.

The group, which we are calling Tortoiseshell, has been active since at least July 2018. Symantec has identified a total of 11 organizations hit by the group, the majority of which are based in Saudi Arabia. In at least two organizations, evidence suggests that the attackers gained domain admin-level access.

Another notable element of this attack is that, on two of the compromised networks, several hundred computers were infected with malware. This is an unusually large number of computers to be compromised in a targeted attack. It is possible that the attackers were forced to infect many machines before finding those that were of most interest to them.

Symantec has seen Tortoiseshell activity as recently as July 2019.

On at least two victim networks, Tortoiseshell deployed its information gathering tools to the Netlogon folder on a domain controller. This results in the information gathering tools being executed automatically when a client computer logs into the domain. This activity indicates the attackers had achieved domain admin level access on these networks, meaning they had access to all machines on the network.

To read the full report please visit https://www.symantec.com/blogs/threat-intelligence/tortoiseshell-apt-supply-chain.

###


© Scoop Media

 
 
 
World Headlines

 

Climate Strike: At UN, Youth Activists Press For Bold Action

This first-ever UN Youth Climate Summit follows Friday’s global ‘climate strike’, which saw millions of young people from across the globe walk out of school and jam streets in major cities, from New York to New Delhi and Santiago to San Francisco. More>>

ALSO:

Pacific: Tongan PM 'Akilisi Pohiva Dies, Aged 78

A constant thorn in the side of the monarchy and nobility, Mr Pohiva's lifelong battle for representation had seen him fired from the public service and charged with sedition... More>>

ALSO:

Untied Kingdom: UK PM Moves To Suspend Parliament In Weeks Before Brexit

The Prime Minister has briefed Cabinet colleagues that the government will bring forward an ambitious new legislative programme for MPs’ approval, and that the current parliamentary session will be brought to an end. More>>

ALSO:

Gordon Campbell: On The Hong Kong Protest Movement

The pro-democracy protests enjoy huge support among Hong Kong’s youth, partly because the democratic systems currently at risk have only a limited time span. More>>

ALSO: