Iranian Spies Target Saudi Arabia in "Magic Hound" Attacks

  • 16 February 2017
  • 0 replies
  • 237 views

Userlevel 7
Badge +54
By Eduard Kovacs on February 16, 2017 A cyber espionage operation linked to Iran and the recent Shamoon 2 attacks has targeted several organizations in the Middle East, particularly in Saudi Arabia.

Researchers at Palo Alto Networks have been monitoring the campaign, which dates back to at least mid-2016. Dubbed “Magic Hound,” the operation has been aimed at energy, government and technology sector organizations that are located or have an interest in Saudi Arabia.

The threat actor behind Magic Hound has used a wide range of custom tools and an open-source cross-platform remote access tool (RAT) named Pupy. While Palo Alto Networks has not attributed these attacks to any country, researchers at SecureWorks have also analyzed the campaign and they believe it is related to an actor which they track as COBALT GYPSY. SecureWorks is highly confident that COBALT GYPSY is associated with the Iranian government. Full Article

0 replies

Be the first to reply!

Reply