New cyber espionage virus found targeting Iran
Security experts have uncovered an ongoing cyber
espionage campaign targeting Iran and other Middle Eastern countries that they
say stands out because it is the first such operation using communications
tools written in Persian.
Israeli security company Seculert and Russia's Kaspersky
Lab said on Tuesday that they identified more than 800 victims of the
operation. The targets include critical infrastructure companies, engineering
students, financial services firms and government embassies located in five
Middle Eastern countries, with the majority of the infections in Iran.
Seculert and Kaspersky declined to identify specific
targets of the campaign, which they believe began at least eight months ago.
They said they did not know who was behind the attacks or if it was a nation
state.
"It's for sure somebody who is fluent in Persian,
but we don't know the origin of those guys," said Seculert Chief
Technology Officer Aviv Raff.
The Mahdi Trojan lets remote attackers steal files from
infected PCs and monitor emails and instant messages, Seculert and Kaspersky
said. It can also record audio, log keystrokes and take screen shots of
activity on those computers.
The firms said they believed multiple gigabytes of data
have been uploaded from targeted machines.
"Somebody is trying to build a dossier of a larger
scale on something," Raff said. "We don't know what they are going to
do at the end."
Researchers have previously said that nation states were
almost certainly behind the Flame virus, which was discovered earlier this
year, and Duqu, which was uncovered in 2011.
Seculert and Kaspersky dubbed the campaign Mahdi, a term
referring to the prophesied redeemer of Islam, because evidence suggests the
attackers used a folder with that name as they developed the software to run
the project.
They also included a text file named mahdi.txt in the
malicious software that infected target computers.