UPDATED 13:41 EST / JULY 19 2012


Mahdi Malware Targets Middle East under a New Cyber Espionage Campaign

Yet another cyber espionage campaign targeting Middle Eastern countries has been revealed. Identified by Kaspersky Lab and Seculert, the so-called ‘Mahdi’ malware has affected over 800 victims in Iran, Israel, and Afghanistan over the last eight months. The victims are mostly associated with governmental departments and agencies.

“Statistics from the sinkhole revealed that the victims were primarily business people working on Iranian and Israeli critical infrastructure projects, Israeli financial institutions, Middle Eastern engineering students, and various government agencies communicating in the Middle East,” according to Seculert.

The targeted e-mails contain Word documents about missile testing, videos of nuclear explosions, photos of Jesus, and news articles about Israel versus Iran, which suggests that the attacks were carried out with religious propaganda.

So, what is this ‘Mahdi’ thing? It is a Trojan that allows remote attackers to steal sensitive files from infected computers, monitor email and instant-message exchanges, record audio, log keystrokes, and take screenshots of victims’ activities. Unlike Flame and Stuxnet, Mahdi is not sophisticated malware. Moreover, it is characterized as “amateurish and rudimentary” in execution. Both Kaspersky and Seculert are working to determine whether Mahdi has any connection with those worms, and whether this was a state-sponsored attack.

“At the time of writing, the campaign continues to be in operation and we are working with various organizations to clean up and prevent further infections. While the malware and infrastructure is very basic compared to other similar projects, the Mahdi attackers have been able to conduct a sustained surveillance operation against high-profile victims,” said Nicolas Brulez, a senior malware researcher at Kaspersky Lab. “Perhaps the amateurish and rudimentary approach helped the operation fly under the radar and evade detection,” he added.

Cyber espionage has also become a common phenomenon in the virtual world, especially with sophisticated malware like Flame and Stuxnet. In fact, Stuxnet is another example of state-sponsored cyberwarfare, as it was produced jointly by the United States and Israel in an attempt to sabotage Iran’s nuclear program. It’s been more than a year since the Internet worm Stuxnet was first detected and dismantled, and it’s still considered to be a singularly jagged-edged piece of technology developed specifically with the intent of sabotage. Just a few days back, security experts revealed that the creators of Flame and Stuxnet collaborated with one another during their development, to the extent that they even used the same source code, which means Flame and Stuxnet are parallel projects.

As an outcome of cyber espionage, there has been massive cyber fraud across 60 banking institutions around the world, leading to the pilfering of 75 million dollars from a number of high-balance accounts. The attack is suspected of infiltrating North and South American banking institutions. Having started in Italy, the attack spread throughout European institutions, targeting corporate bank accounts in a sophisticated and reportedly ongoing operation. The most recent case was India blaming Chinese hackers for breaking into the sensitive naval computer systems of India’s Eastern Naval Command. According to that account, the hackers planted bugs that transmitted confidential Indian Naval data to IP addresses in China.

