"Islamic Nonprofit Infiltrated for 3 Years With Silent Backdoor"
Researchers at Cisco Talos discovered a stealthy espionage campaign aimed at an Islamic charitable nonprofit organization in Saudi Arabia. According to the researchers, the long-term campaign, which appears to have been active since March 2021, relies on a previously undocumented custom backdoor called Zardoor. The malware steals data from the unspecified victim organization about twice a month. The deployment of modified reverse-proxy tools, as well as the ability to dodge detection for over two years, suggests that an "advanced" threat actor carried out the attack.