Skip to main content

Hackers targeting Arabic-speaking countries with malicious Microsoft Office documents

posted onJanuary 26, 2020
by l33tdawg
Flickr
Credit: Flickr

Security researchers with Cisco's Talos Security Intelligence and Research Group discovered a new type of malware, which is able to attack a victim's devices through malicious Microsoft Office documents.

The malware is a Remote Access Trojan, also known as a RAT, that Talos analysts Warren Mercer, Paul Rascagneres, Vitor Ventura, and Eric Kuhla named "JhoneRAT" because it checks for new commands in the tweets from the handle @jhone87438316. The handle was suspended by Twitter, but JhoneRAT looks for new commands every 10 seconds using and HTML parser to identify new tweets.

In a blog post and an email interview, Rascagneres and the Talos team explained that this malware has been used specifically to target people and systems in Saudi Arabia, Iraq, Egypt, Libya, Algeria, Morocco, Tunisia, Oman, Yemen, Syria, UAE, Kuwait, Bahrain, and Lebanon. "We don't know why specifically these countries, the attackers simply hardcoded these countries in the malware. The attackers had complete control of the compromised systems. The purpose of the campaigns were cyber espionage," Rascagneres said.

Source

Tags

Industry News

You May Also Like

Recent News

Friday, November 29th

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th