Damaging attacks from second- and third-tier nation-state threat actors – especially in the Middle East – could become a more pressing issue for enterprises next year if a couple of recent incidents are any indication.
Days after FireEye reported a recent attack where a likely nation-state actor disrupted operations at a critical infrastructure facility in the Middle East, there’s another report of an ominous new cyberattack campaign targeting similar organizations in the region.
This time, the warning is from Nyotron, which says it has spotted a threat actor with likely links to Saudi Arabia, Iran, or Algeria using a repurposed malware tool to target specific critical infrastructure organizations in the Middle East. The tool, which Nyotron has dubbed Copperfield, is based on H-Worm, aka Houdini, a four-year-old remote access trojan (RAT) believed to be the work of an Algerian hacker. The malware is primarily being spread via infected USB drives; once installed on a system, it uses other methods to propagate.
Read more on DarkReading about the Copperfield operation, which, according to Nyotron, appears focused on data theft and reconnaissance.