Middle East telcos targeted by new malware with suspected nation-state backing
Telecommunications providers across the Middle East are being targeted with a new malware family that researchers are calling “HTTPSnoop.”
Cybersecurity experts at Cisco Talos published research on Tuesday about two pieces of malware that are masquerading as legitimate security software components, including Palo Alto Networks’ Cortex XDR application and Microsoft’s Exchange Web Services (EWS) platform – making detection difficult for defenders.
“At this point, this activity cannot be tied to any known groups’ TTPs. This implies we are either dealing with a new actor group or potentially new activity with divergent TTPs of an existing group,” the researchers told Recorded Future News, referring to tactics, techniques and procedures. Cisco Talos suspects the operation is state-sponsored, but the researchers did not speculate on the origin. “Telecommunication companies have a huge amount of visibility into national and global internet traffic and are of high value, especially for state-sponsored groups,” the researchers said.