Kaspersky Lab’s Cyber-Espionage Campaign

Kaspersky Lab's Cyber-Espionage Campaign

Kaspersky Lab researchers have recently announced the results of a joint investigation with Seculert, a Threat Detection company, regarding “Madi”, an active cyber-espionage campaign targeting victims in the Middle East.


Kaspersky Lab and Seculert worked together to sinkhole the Madi Command & Control (C&C) servers to monitor the campaign. Kaspersky Lab and Seculert identified more than 800 victims located in Iran, Israel and select countries across the globe connecting to the C&Cs over the past eight months.  In addition, examination of the malware identified an unusual amount of religious and political “distraction” documents and images that were dropped when the initial infection occurred.


“While the malware and infrastructure is very basic compared to other similar projects, the Madi attackers have been able to conduct a sustained surveillance operation against high-profile victims. Perhaps, the amateurish and rudimentary approach helped the operation fly under the radar and evade detection,” said Nicolas Brulez, Senior Malware Researcher, Kaspersky Lab.


“Interestingly, our joint analysis uncovered a lot of Persian strings littered throughout the malware and the C&C tools, which is unusual to see in malicious code. The attackers were no doubt fluent in this language,” said Aviv Raff, Chief Technology Officer, Seculert.


Kaspersky Lab’s Anti-Virus system detects the Madi malware variants along with its associated droppers and modules, classified as Trojan.Win32.Madi.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s