Symantec Discovers New Cyber Espionage Campaign

Published: Wed 15 Aug 2018 02:55 PM
Symantec Discovers New Cyber Espionage Campaign Targeting Middle Eastern Government and Business Organisations
Leafminer Attack Group Attempts to Infiltrate Targets Through Various Means of Intrusion
AUCKLAND – 15 August 2018 – Symantec Corp. (NASDAQ: SYMC), the world’s leading cyber security company, announced the new discovery of a cyber espionage campaign from a group called Leafminer, which has been targeting government organisations and business verticals across the Middle East since at least early 2017.
Leafminer attempts to infiltrate target networks using three main techniques for intrusion: watering hole websites, vulnerability scans of network services on the internet, and brute force/dictionary login attempts. The group’s post-compromise toolkit suggests that it is looking for email data, files, and database servers on compromised target systems.
“Leafminer’s interest in email data indicates that espionage is the primary motivation,” said Einar Oftedal, vice president, Detection Research at Symantec. “The group is highly active and uses publicly available tools that don’t generally set off alerts, along with its own custom malware. They have bold ambitions and are eager to learn from more advanced threat actors, as seen by their mimicking of Dragonfly’s watering hole technique.”
During the investigation of Leafminer, Symantec discovered a list of 809 targets used by the attackers for vulnerability scans. Target regions included in the list were Saudi Arabia, United Arab Emirates, Qatar, Kuwait, Bahrain, Egypt, Israel and Afghanistan. The primary industries under attack include governments, the financial sector and the energy sector.
Given Leafminer’s list of targeted organisations was written in the Iranian language Farsi and the web shell used to set up its arsenal server was authored by MagicCoder, a notorious hacker handle linked to Iranian hacking forums and the Sun Army hacker group, Leafminer appears to be based in Iran.
Symantec has been protecting our customers against Leafminer and has the following protections in place against these attacks:
Backdoor.Sorgu
Trojan.Imecab
For more information, visit https://www.symantec.com/blogs/threat-intelligence/leafminer-espionage-middle-east.
