"Islamic Nonprofit Infiltrated for 3 Years With Silent Backdoor"

Researchers at Cisco Talos discovered a stealthy espionage campaign aimed at an Islamic charitable nonprofit organization in Saudi Arabia. According to the researchers, the long-term campaign, which appears to have been active since March 2021, relies on a previously undocumented custom backdoor called Zardoor. The malware steals data from the unspecified victim organization about twice a month. The deployment of modified reverse-proxy tools, as well as the ability to dodge detection for over two years, suggest that an "advanced" threat actor carried out the attack. Security researchers have not yet identified any other Zardoor malware victims besides the Saudi Arabia-based charitable organization. This article continues to discuss findings and observations regarding the Zardoor campaign. 

Dark Reading reports "Islamic Nonprofit Infiltrated for 3 Years With Silent Backdoor"

Submitted by grigby1

Submitted by Gregory Rigby on