Kaspersky Lab has been tracking a series of attacks utilizing previously unknown malware since early 2017. The attacks appear to be geopolitically motivated and target high-profile organizations. According to Kaspersky, the objective of the attacks is espionage, as they involve gaining access to top legislative, executive and judicial bodies around the world.
Kaspersky links their findings to a previous report by Cisco Talos, which describes targeted attacks in the Middle East. "The attacker demonstrates excellent operational security (OPSEC)," Talos wrote in a blog post, adding that the attacker was particularly careful to camouflage their infrastructure. "The attacker uses the reputable CloudFlare system to hide the nature and location of their infrastructure."
According to Kaspersky, the attackers have targeted a large number of organizations globally since early 2017, with a main focus on the Middle East and North Africa (MENA). Targets include high-profile entities such as parliaments, senates, top state offices and officials, political science scholars, military and intelligence agencies, ministries, media outlets, research centers, election commissions, Olympic organizations, large trading companies, and other, as yet unidentified, entities.
The malware provides the attackers with a remote CMD/PowerShell terminal, enabling them to execute arbitrary scripts or commands on the victim machine and receive the results over HTTP requests. Victims have been spotted in the Palestinian Territories, Egypt, Jordan, the UAE, Saudi Arabia, Djibouti, Qatar, Lebanon, Chile, Somalia, Iraq, Morocco, Syria, India, Iran, Canada, the US, the UK, Germany, Israel, Afghanistan, Serbia, Russia, Oman, Kuwait, South Korea and Denmark.
[Source: Secure List]