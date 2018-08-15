Symantec Corp. (NASDAQ: SYMC), the world’s leading cyber security
company, announced the discovery of a cyber espionage campaign by a
group it calls Leafminer, which has been targeting government
organizations and business verticals across the Middle East since at
least early 2017.
Leafminer attempts to infiltrate target networks using three main
intrusion techniques: watering hole websites, vulnerability scans of
internet-facing network services, and brute-force/dictionary login
attempts. The group’s post-compromise toolkit suggests that it is
looking for email data, files and database servers on compromised
systems.
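Of the three intrusion techniques named above, brute-force/dictionary login attempts are the ones a defender can catch from ordinary authentication logs. The following is an added example, not Symantec's code and not part of the original release: it parses sshd-style syslog lines (constructed for the demo, not captured data) and flags a source address that fails against several distinct usernames within a short window, then reports whether a login from that source succeeded after the burst. The window and thresholds are illustrative assumptions to be tuned per service.

```python
"""Flag brute-force / dictionary login attempts in sshd-style auth logs.

Added example, not Symantec's code. Log lines and thresholds are
constructed assumptions for the demonstration.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample (syslog format as written by OpenSSH); not real traffic.
SAMPLE_LOG = """\
Jan 14 03:12:01 mx1 sshd[2201]: Failed password for invalid user oracle from 203.0.113.7 port 51120 ssh2
Jan 14 03:12:03 mx1 sshd[2203]: Failed password for invalid user postgres from 203.0.113.7 port 51124 ssh2
Jan 14 03:12:05 mx1 sshd[2205]: Failed password for admin from 203.0.113.7 port 51130 ssh2
Jan 14 03:12:06 mx1 sshd[2207]: Failed password for invalid user test from 203.0.113.7 port 51133 ssh2
Jan 14 03:12:08 mx1 sshd[2209]: Failed password for root from 203.0.113.7 port 51140 ssh2
Jan 14 03:12:09 mx1 sshd[2211]: Failed password for invalid user backup from 203.0.113.7 port 51144 ssh2
Jan 14 03:12:11 mx1 sshd[2213]: Accepted password for backup from 203.0.113.7 port 51150 ssh2
Jan 14 03:40:10 mx1 sshd[2300]: Failed password for alice from 198.51.100.23 port 40012 ssh2
Jan 14 03:40:31 mx1 sshd[2302]: Accepted password for alice from 198.51.100.23 port 40013 ssh2
"""

# Matches both "Failed password for invalid user X" and "Accepted password for X".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def parse(lines):
    """Return a list of (timestamp, source_ip, username, failed) tuples."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated sshd chatter
        # syslog stamps carry no year; fine for window arithmetic within one day
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
        events.append((ts, m["ip"], m["user"], m["result"] == "Failed"))
    return events


def detect(events, window_s=300, min_failures=5, min_users=3):
    """Return {source_ip: finding} for sources that fail >= min_failures times
    against >= min_users distinct accounts inside window_s seconds.

    The distinct-user requirement separates a dictionary run from one person
    mistyping a password. Any successful login from the same source after the
    burst is recorded because that is the event worth escalating.
    """
    by_ip = defaultdict(list)
    for ev in sorted(events):
        by_ip[ev[1]].append(ev)

    findings = {}
    for ip, evs in by_ip.items():
        fails = [e for e in evs if e[3]]
        for i in range(len(fails)):
            # grow the window forward from failure i
            j = i
            while j < len(fails) and (fails[j][0] - fails[i][0]).total_seconds() <= window_s:
                j += 1
            burst = fails[i:j]
            users = {e[2] for e in burst}
            if len(burst) >= min_failures and len(users) >= min_users:
                burst_end = burst[-1][0]
                success_after = [e[2] for e in evs if not e[3] and e[0] >= burst_end]
                findings[ip] = {
                    "failures": len(burst),
                    "users": sorted(users),
                    "success_after": success_after,
                }
                break  # one finding per source is enough for an alert
    return findings


def run(log_text=SAMPLE_LOG):
    return detect(parse(log_text.splitlines()))


if __name__ == "__main__":
    for ip, f in run().items():
        print(f"{ip}: {f['failures']} failures across {len(f['users'])} accounts;"
              f" successful login after burst: {f['success_after'] or 'none'}")
```

Only the source that sprays six accounts in eight seconds is flagged; the single failed attempt followed by a successful login from 198.51.100.23 is left alone. The success_after field is the reason to raise priority: a burst that ends in an accepted login is a probable compromise rather than just noise.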
“Leafminer’s interest in email data indicates that espionage is the
primary motivation,” said Einar Oftedal, vice president, Detection
Research at Symantec. “The group is highly active and uses publicly
available tools that don’t generally set off alerts, along with its own
custom malware. They have bold ambitions and are eager to learn from
more advanced threat actors, as seen by their mimicking of Dragonfly’s
watering hole technique.”
During the investigation of Leafminer, Symantec discovered a list of 809
targets used by the attackers for vulnerability scans. Target regions
included in the list were Saudi Arabia, United Arab Emirates, Qatar,
Kuwait, Bahrain, Egypt, Israel and Afghanistan. The primary industries
under attack include governments, the financial sector and the energy
sector.
Two indicators suggest that Leafminer is based in Iran: the list of
targeted organizations was written in Farsi, and the web shell used to
set up the group’s arsenal server was authored by MagicCoder, a hacker
handle linked to Iranian hacking forums and the Sun Army hacker group.
Symantec has been protecting its customers against Leafminer and
provides the following protections against these attacks:
For more information, visit https://www.symantec.com/blogs/threat-intelligence/leafminer-espionage-middle-east.
