New backdoor used in long-term cyber espionage operation targeting an Islamic organization [Thursday, February 08, 2024]

Description:
Cisco Talos discovered an ongoing espionage campaign targeting an Islamic charitable organization in Saudi Arabia using a new backdoor malware family named Zardoor. The threat actor has likely been active since at least March 2021 and uses customized reverse proxy tools like Fast Reverse Proxy, sSocks, and Venom to establish command and control. The attacker spreads tools like Zardoor through Windows Management Instrumentation and maintains persistence with scheduled tasks. Talos assesses this is an advanced threat actor based on their ability to create new malware, customize open source tools, and use living-off-the-land techniques to remain undetected.

Published: 2024-02-08 15:39:51
Created: 2024-02-08 15:39:51
Modified: 2024-02-08 15:56:02

Indicators

Malware:
  • Zardoor
Hashes (SHA-256):
  • 5226b67b5d49720981841fab64794533fe0530409ba2975e6125a4bc008f2480
  • 0058d495254bf3760b30b5950d646f9a38506cef8f297c49c3b73c208ab723bf
  • 5eeab7b795a3303c368c72ef09a345f3a4f02301ec443e98319d600e8287e852
  • c6419df4bbda5b75ea4a0b8e8acd2100b149443584390c91a218e7735561ef74
  • 73c7459e0c3ba00c0566f7baa710dd8b88ef3cf75ee0e76d36c5d8cd73083095
  • 7abf74260ae5b771182e95bc360fefa1b635b56b3aa05922506d55c5d15517c3
  • 4b16ea1b1273f8746cf399c71bfc1f5bff7378b5414b4ea044c55e0ee08c89d3
  • 29741f7987ab61b85adb310a7ab2f44405822f1719fa431c8f49007b64f6f5cd
  • b5b3627606a5c5e720fa32fb9cb90aa813c630673d23c97a81012b832799a897
  • f71f7c68209ea8218463df397e5c39ef5f916f138dc001feb3a60ef585bd2ac2
  • 1aea1e7098221f2cc76ccd45078d9a216236b4e7e295dfa68e8a25aab3abe778
  • 1480b2038395f9edd2c21dff68eb29a4d6177708b70b687f758af60c8b02f071
  • d5d16d9bb75d461922eade2597c233255871dc74659f0169f3d3f40f5273ab71
  • 3adcc81446f0e8ed1a2bc1e815613eb5622afba57941d651faa2b5bc4b2f13c1
  • 0a5aa03e35d6d9218342b2bec753a9800570c000964801cf6bfe45a9bb393c0d
  • a99a9f2853ff0ca5b91767096c7f7e977b43e62dd93bde6d79e3407bc01f661d
  • d267e2a6311fe4e2dfd0237652223add300b9a5233b555e131325a2612e1d7ef
  • d7dfa7009a9d808b744df8ed4f5852bd03ffb82f7a07a258ea8b5e0290fb7d87
  • 5655a2981fa4821fe09c997c84839c16d582d65243c782f45e14c96a977c594e
  • 7905bd9bb4d277a81935a22f975a0030faa9e5c9dbb9f6152c2f56ba1cd0cdea
Location:
  • Saudi Arabia
Other observables:
  • NGO

About the author
Julien B.
