Kaspersky Lab and Seculert announce 'Madi' a newly discovered cyber-espionage campaign in the Middle East
Source: BI-ME , Author: Posted by BI-ME staff
Posted: Tue July 17, 2012 5:33 pm

UAE. Today, Kaspersky Lab researchers announced the results of a joint-investigation with Seculert, an Advanced Threat Detection company, regarding “Madi,” an active cyber-espionage campaign targeting victims in the Middle East.

Originally discovered by Seculert, Madi is a computer network infiltration campaign that involves a malicious Trojan which is delivered via social engineering schemes to carefully selected targets.

Kaspersky Lab and Seculert worked together to sinkhole the Madi Command & Control (C&C) servers to monitor the campaign. Kaspersky Lab and Seculert identified more than 800 victims located in Iran, Israel and select countries across the globe connecting to the C&Cs over the past eight months. 

Statistics from the sinkhole revealed that the victims were primarily business people working on Iranian and Israeli critical infrastructure projects, Israeli financial institutions, Middle Eastern engineering students, and various government agencies communicating in the Middle East.

In addition, examination of the malware identified an unusual amount of religious and political ‘distraction’ documents and images that were dropped when the initial infection occurred.

“While the malware and infrastructure is very basic compared to other similar projects, the Madi attackers have been able to conduct a sustained surveillance operation against high-profile victims,” said Nicolas Brulez, Senior Malware Researcher, Kaspersky Lab. “Perhaps the amateurish and rudimentary approach helped the operation fly under the radar and evade detection.”

“Interestingly, our joint analysis uncovered a lot of Persian strings littered throughout the malware and the C&C tools, which is unusual to see in malicious code. The attackers were no doubt fluent in this language,” said Aviv Raff, Chief Technology Officer, Seculert.

The Madi info-stealing Trojan enables remote attackers to steal sensitive files from infected Windows computers, monitor sensitive communications such as email and instant messages, record audio, log keystrokes, and take screenshots of victims’ activities. Data analysis suggests that multiple gigabytes of data have been uploaded from victims’ computers.

Common applications and websites that were spied on include accounts on Gmail, Hotmail, Yahoo! Mail, ICQ, Skype, Google+, and Facebook. Surveillance is also performed over integrated ERP/CRM systems, business contracts, and financial management systems.

Kaspersky Lab’s Anti-Virus system detects the Madi malware variants along with its associated droppers and modules, classified as Trojan.Win32.Madi.

To read the full research post by Kaspersky Lab’s experts please click here.  

To read Seculert’s research about the Madi campaign please visit http://blog.seculert.com/


About Kaspersky Lab
Kaspersky Lab is the largest antivirus company in Europe. It delivers some of the world’s most immediate protection against IT security threats, including viruses, spyware, crime-ware, hackers, phishing, and spam. The company is ranked among the world’s top four vendors of security solutions for endpoint users. Kaspersky Lab products provide superior detection rates and one of the industry’s fastest outbreak response times for home users, SMBs, large enterprises and the mobile computing environment. Kaspersky® technology is also used worldwide inside the products and services of the industry’s leading IT security solution providers. Learn more at: http://www.kaspersky.com/.

For the latest on antivirus, anti-spyware, anti-spam and other IT security issues and trends, visit: http://www.securelist.com/.

 

MIDDLE EAST BUSINESS COMMENT & ANALYSIS

date:Posted: July 26, 2017
UAE. The publication explores the efforts of 64 countries to promote boardroom diversity; Reveals 15% of all board seats are filled by women globally; Representation of women on boards remains very low across the region with women holding no more than 2% of board seats in the GCC region.
date:Posted: July 26, 2017
INTERNATIONAL. If making a buck meant not caring, would you still do it? With an annual infusion of US$15 billion, the sharing economy seems to be a case in point that spreading the love literally pays off.
date:Posted: July 25, 2017
UAE. The number of active residential and commercial building projects exceeds 7,488 in June 2017, according to BNC Network.
UAE. The publication explores the efforts of 64 countries to promote boardroom diversity; Reveals 15% of all board seats are filled by women globally; Representation of women on boards remains very low across the region with women holding no more than 2% of board seats in the GCC region.
dhgate