Security News > 2020 > May > Chafer APT Hits Middle East Govs With Latest Cyber-Espionage Attacks
The Chafer APT has been active since 2014 and has previously launched cyber espionage campaigns targeting critical infrastructure in the Middle East.
"Researchers have found attacks conducted by this actor in the Middle East region, dating back to 2018," according to a Thursday Bitdefender analysis.
While the modus operandi behind the attacks against firms in Kuwait and Saudi Arabia shared "Some common stages," researchers noted that the attacks on victims from Kuwait were more sophisticated as attackers were able to move laterally on the network.
Researchers linked these campaigns with Chafer because some of the tools used bear similarities to the tools used in previously-documented Chafer APT attacks.
It's only the latest campaign for the Chafer APT. Last year, the Iran-linked APT was spotted targeting various entities based in Iran with an enhanced version of a custom malware that takes a very unique approach to communication by using the Microsoft Background Intelligent Transfer Service mechanism over HTTP. Another campaign in February, launched by two Iran-backed APTs who were possibly working together to compromise high-value organizations from the IT, telecom, oil and gas, aviation, government and security sectors in Israel, was loosely linked to the Chafin APT after researchers noted an overlap in approaches.
News URL
https://threatpost.com/chafer-apt-hits-middle-east-govs-with-latest-cyber-espionage-attacks/156002/
Related news
- PlushDaemon APT Targets South Korean VPN Provider in Supply Chain Attack (source)
- GamaCopy Mimics Gamaredon Tactics in Cyber Espionage Targeting Russian Entities (source)
- How Lazarus Group built a cyber espionage empire (source)
- RA World Ransomware Attack in South Asia Links to Chinese Espionage Toolset (source)
- Chinese espionage tools deployed in RA World ransomware attack (source)
- Winnti APT41 Targets Japanese Firms in RevivalStone Cyber Espionage Campaign (source)