Saudi charity targeted by sophisticated cyber-attack – no mercy shown

February 12, 2024



Sophisticated Cyber-Attack Hits Islamic Charity in Saudi Arabia

TLDR:

An Islamic charitable non-profit organization in Saudi Arabia has been targeted by a sophisticated cyber-espionage campaign. The campaign began in May 2023 and involved the use of malware called “Zardoor” and open-source reverse proxy tools. The attackers used Windows Management Instrumentation (WMI) to move laterally and executed commands remotely. They also utilized various techniques, such as the manipulation of system services and the creation of scheduled tasks, to maintain persistence and establish communication with external servers. The attackers’ use of legitimate tools repurposed for malicious activities highlights their sophistication. Despite extensive analysis, the campaign could not be attributed to any known threat actor.

According to a new advisory by cybersecurity firm Talos, the attackers used malware called “Zardoor” to establish persistence within the target organization’s network. Open-source reverse proxy tools were customized to minimize dependencies and execute commands seamlessly. The attackers employed Windows Management Instrumentation (WMI) to move laterally and execute commands remotely. Various backdoors were deployed to maintain access and exfiltrate data from compromised systems. Techniques such as the manipulation of system services and the creation of scheduled tasks were used to ensure persistence and establish communication with external servers.

The attackers’ use of tools like FRP and Venom highlights their sophistication, as these are legitimate tools repurposed for malicious activities. Such tactics increase the stealthiness of the attack and complicate efforts to identify and mitigate the threat. Talos noted that the level of expertise demonstrated by the attackers, coupled with their ability to create and customize tools, suggests the involvement of an advanced and skilled adversary. Despite extensive analysis, Talos was unable to attribute the campaign to any known threat actor.
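The advisory summarized above names three host-level traces a defender can look for: WMI-driven remote execution, scheduled-task creation and new service installation used for persistence. The following is an added detection sketch, not code from Talos or from the advisory; it runs over constructed Windows-style event records (assumed field names, and the usual event IDs 4688, 4698 and 7045) and correlates the hits per host.

```python
"""Detection sketch for the TTPs described above: WMI remote execution,
scheduled-task persistence and service-install persistence.
All records below are constructed for this example."""
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample events (assumed field layout, not advisory data).
SAMPLE_EVENTS = [
    {"id": 4688, "host": "WS-01", "image": "C:\\Windows\\System32\\cmd.exe",
     "parent": "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe", "user": "CORP\\svc-admin"},
    {"id": 4698, "host": "WS-01", "task": "\\Microsoft\\Windows\\Updater",
     "command": "C:\\ProgramData\\upd.exe", "user": "CORP\\svc-admin"},
    {"id": 7045, "host": "WS-01", "service": "WinUpdSvc",
     "image": "C:\\ProgramData\\svc.exe", "user": "SYSTEM"},
    {"id": 4688, "host": "WS-02", "image": "C:\\Windows\\System32\\notepad.exe",
     "parent": "C:\\Windows\\explorer.exe", "user": "CORP\\alice"},
]

@dataclass
class Finding:
    host: str
    technique: str
    detail: str

def detect(events: List[dict]) -> List[Finding]:
    """Map raw events to findings for the three techniques in the advisory."""
    findings = []
    for e in events:
        eid = e["id"]
        if eid == 4688 and e.get("parent", "").lower().endswith("\\wmiprvse.exe"):
            # WmiPrvSE.exe spawning a process is the host-side trace of WMI remote execution
            findings.append(Finding(e["host"], "wmi_remote_exec", e["image"]))
        elif eid == 4698 and not e.get("command", "").lower().startswith("c:\\windows\\"):
            # scheduled task whose action binary lives outside C:\Windows (e.g. ProgramData)
            findings.append(Finding(e["host"], "scheduled_task_persistence", e["task"]))
        elif eid == 7045 and not e.get("image", "").lower().startswith("c:\\windows\\"):
            # newly installed service backed by a binary outside C:\Windows
            findings.append(Finding(e["host"], "service_install_persistence", e["service"]))
    return findings

def hosts_with_multiple_techniques(findings: List[Finding], minimum: int = 2) -> Dict[str, List[str]]:
    """Hosts showing at least `minimum` distinct techniques: a single hit may be admin noise,
    several on one host match the persistence-plus-lateral-movement pattern described."""
    per_host: Dict[str, set] = {}
    for f in findings:
        per_host.setdefault(f.host, set()).add(f.technique)
    return {h: sorted(t) for h, t in per_host.items() if len(t) >= minimum}

if __name__ == "__main__":
    for host, techniques in hosts_with_multiple_techniques(detect(SAMPLE_EVENTS)).items():
        print(host, techniques)
```

The path-based filters are deliberately coarse; in production they would be replaced by an allow-list of known task and service binaries per host image.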
