5 matches found
How the Saitama backdoor uses DNS tunnelling
Thanks to the Malwarebytes Threat Intelligence Team for the information they provided for this article. Understandably, a lot of cybersecurity research and commentary focuses on the act of breaking into computers undetected. But threat actors are often just as concerned with the act of breaking o...
OilRig is back with another Phishing Email attack, delivering the Saitama Backdoor
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here An Iranian cyber espionage gang known as OilRig has began delivering malicious email to a Jordanian government employee at the foreign ministry. The email includes a malicious Excel sheet that installs the Saitama backdoor...
A week in security (May 9 – 15)
Last week on Malwarebytes Labs: How to spot the signs of a virtual kidnap scam Virtual credit cards coming to Chrome: What you need to know Clearview AI banned from selling facial recognition data in the US Cyberattacks on SATCOM networks attributed to Russian threat actors F5 BIG-IP vulnerabilit...
New Saitama backdoor Targeted Official from Jordan's Foreign Ministry
A spear-phishing campaign targeting Jordan's foreign ministry has been observed dropping a new stealthy backdoor dubbed Saitama. Researchers from Malwarebytes and Fortinet FortiGuard Labs attributed the campaign to an Iranian cyber espionage threat actor tracked under the moniker APT34, citing...
APT34 targets Jordan Government using new Saitama backdoor
On April 26th, we identified a suspicious email that targeted a government official from Jordans foreign ministry. The email contained a malicious Excel document that drops a new backdoor named Saitama. Following our investigation, we were able to attribute this attack to the known Iranian Actor...