Saudi Arabia reportedly confirmed recently that the nation had been targeted with cyberattacks since February.
An unknown hacker group has been targeting Middle Eastern countries, as well as others such as India, Pakistan, the US and Georgia, as part of what appears to be a massive cyber-espionage campaign. On Monday (20 November), the Saudi Arabian government's national cyber security center reportedly confirmed that the kingdom had been targeted by hackers since February.
The hacker group, dubbed MuddyWater, used fake documents, purporting to be from the NSA, Russian cybersecurity firm Kaspersky and the Iraqi government, among others, to trick victims into clicking on malicious documents. Security experts at Palo Alto Networks, who uncovered the campaign, said that the hackers are making use of a PowerShell-based first-stage backdoor called "POWERSTATS".
"The malicious documents were adjusted according to the target regions, often using the logos of branches of local government, prompting the users to bypass security controls and enable macros," Palo Alto Networks' Unit 42 security researchers said in a report.
The researchers said that the MuddyWater hacker group has been active throughout the year and, apart from Saudi Arabia, has also targeted the UAE, Iraq, Israel and Turkey. The researchers noted that in some cases the hackers had managed to gain control of compromised accounts at third-party organisations. The hackers then used these compromised accounts to steal a legitimate document and create a malicious mimic to send to a target.
For more details please visit: http://www.ibtimes.co.uk/muddywater-hackers-target-middle-eastern-nations-using-fake-nsa-kaspersky-documents-1648228