By Eduard Kovacs on February 16, 2017 A cyber espionage operation linked to Iran and the recent Shamoon 2 attacks has targeted several organizations in the Middle East, particularly in Saudi Arabia.
Researchers at Palo Alto Networks have been monitoring the campaign, which dates back to at least mid-2016. Dubbed “Magic Hound,” the operation has been aimed at energy, government and technology sector organizations that are located or have an interest in Saudi Arabia.
The threat actor behind Magic Hound has used a wide range of custom tools and an open-source cross-platform remote access tool (RAT) named Pupy. While Palo Alto Networks has not attributed these attacks to any country, researchers at SecureWorks have also analyzed the campaign and they believe it is related to an actor which they track as COBALT GYPSY. SecureWorks is highly confident that COBALT GYPSY is associated with the Iranian government. Full Article
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.