The Middle East has become a prime target of cyber espionage. Be it Stuxnet, Flame or Duqu, none has left the people of the Middle East untouched. In a joint effort, security researchers from Kaspersky Lab and Seculert have discovered a new cyber-espionage campaign targeting victims in the Middle East. Their joint analysis shows that more than 800 victims located in Iran, Israel and Afghanistan were targeted over the course of eight months. The espionage campaign has been named “Madi” because of certain strings and handles used by the attackers. According to Wikipedia, in Islamic eschatology the Mahdi is the prophesied redeemer of Islam who will rule for seven, nine or nineteen years before the Day of Judgment and will rid the world of wrongdoing, injustice and tyranny. According to the experts' analysis, the campaign relied on a couple of well-known, simpler attack techniques to deliver its payloads, which says something about the victims' online awareness. The large amount of data collected reveals that the campaign focused on Middle Eastern critical-infrastructure engineering firms, government agencies, financial houses, and academia.
Madi tells a different story when compared with the previous pieces of code that created havoc in the Middle East. The Madi malware behind this electronic spying operation is far less sophisticated than the Flame, Duqu and Stuxnet worms associated with previously discovered spying operations, many of which have been linked to operations against Iran’s controversial nuclear program. Basically, it is a Trojan that allows remote attackers to swipe sensitive files from infected Windows computers, monitor email and instant-message exchanges, record audio, log keystrokes, and take screenshots of victims’ activities. In all these respects the malware is similar in capability to banking Trojans. Common applications and websites that were spied on include accounts on Gmail, Hotmail, Yahoo! Mail, ICQ, Skype, Google+, and Facebook. Surveillance also tapped integrated ERP/CRM systems, business contracts, and financial management systems. Kaspersky Lab and Seculert worked together to get into the Madi Command & Control (C&C) servers and thus monitor the spying operation. We hope to see more new findings as the analysis goes on. Till then, stay tuned.