Symantec Discovers New Cyber Espionage Campaign Targeting Middle Eastern Government and Business Organizations
August 14 2018 - 7:30PM
Business Wire
Leafminer Attack Group Attempts to Infiltrate
Targets Through Various Means of Intrusion
Symantec Corp. (NASDAQ: SYMC), the world’s leading cyber
security company, announced the new discovery of a cyber espionage
campaign from a group called Leafminer, which has been targeting
government organizations and business verticals across the Middle
East since at least early 2017.
Leafminer attempts to infiltrate target networks using three
main techniques for intrusion: watering hole websites,
vulnerability scans of network services on the internet, and
brute-force/dictionary login attempts. The group’s post-compromise
toolkit suggests that it is looking for email data, files and
database servers on compromised target systems.
“Leafminer’s interest in email data indicates that espionage is
the primary motivation,” said Einar Oftedal, vice president,
Detection Research at Symantec. “The group is highly active and
uses publicly available tools that don’t generally set off alerts,
along with its own custom malware. They have bold ambitions and are
eager to learn from more advanced threat actors, as seen by their
mimicking of Dragonfly’s watering hole technique.”
During the investigation of Leafminer, Symantec discovered a
list of 809 targets used by the attackers for vulnerability scans.
Target regions included in the list were Saudi Arabia, United Arab
Emirates, Qatar, Kuwait, Bahrain, Egypt, Israel and Afghanistan.
The primary industries under attack include governments, the
financial sector and the energy sector.
Given that Leafminer’s list of targeted organizations was written in
the Iranian language Farsi and the web shell used to set up its
arsenal server was authored by MagicCoder, a notorious hacker
handle linked to Iranian hacking forums and the Sun Army hacker
group, Leafminer appears to be based in Iran.
Symantec has been protecting its customers against Leafminer
and provides the following protections against these attacks:
- Backdoor.Sorgu
- Trojan.Imecab
For more information, visit
https://www.symantec.com/blogs/threat-intelligence/leafminer-espionage-middle-east.
About Symantec
Symantec Corporation (NASDAQ: SYMC), the world's leading cyber
security company, helps organizations, governments and people
secure their most important data wherever it lives. Organizations
across the world look to Symantec for strategic, integrated
solutions to defend against sophisticated attacks across endpoints,
cloud and infrastructure. Likewise, a global community of more than
50 million people and families rely on Symantec's Norton and
LifeLock product suites to protect their digital lives at home and
across their devices. Symantec operates one of the world's largest
civilian cyber intelligence networks, allowing it to see and
protect against the most advanced threats. For additional
information, please visit www.symantec.com or connect
with us on Facebook, Twitter, and LinkedIn.
View source
version on businesswire.com: https://www.businesswire.com/news/home/20180814005771/en/
Symantec
Jennifer Duffourg, +33 6 73 06 50 43
uspress@symantec.com