New cyber espionage virus found targeting Iran

Dubbed the "Mahdi campaign" by security experts, the software is the first to be written in Farsi, stole info from around the Mideast.

By REUTERS
July 17, 2012 17:20
1 minute read.
Cyber warfare [illustrative]

Cyber warfare US Department of Homeland Security 311 (R). (photo credit: Ho New / Reuters)

 
X

Dear Reader,
As you can imagine, more people are reading The Jerusalem Post than ever before. Nevertheless, traditional business models are no longer sustainable and high-quality publications, like ours, are being forced to look for new ways to keep going. Unlike many other news organizations, we have not put up a paywall. We want to keep our journalism open and accessible and be able to keep providing you with news and analyses from the frontlines of Israel, the Middle East and the Jewish World.

As one of our loyal readers, we ask you to be our partner.

For $5 a month you will receive access to the following:

  • A user experience almost completely free of ads
  • Access to our Premium Section
  • Content from the award-winning Jerusalem Report and our monthly magazine to learn Hebrew - Ivrit
  • A brand new ePaper featuring the daily newspaper as it appears in print in Israel

Help us grow and continue telling Israel’s story to the world.

Thank you,

Ronit Hasin-Hochman, CEO, Jerusalem Post Group
Yaakov Katz, Editor-in-Chief

UPGRADE YOUR JPOST EXPERIENCE FOR 5$ PER MONTH Show me later Don't show it again

BOSTON - Security experts have uncovered an ongoing cyber espionage campaign targeting Iran and other Middle Eastern countries that they say stands out because it is the first such operation using communications tools written in Persian.

Israeli security company Seculert and Russia's Kaspersky Lab, said on Tuesday that they identified more than 800 victims of the operation. The targets include critical infrastructure companies, engineering students, financial services firms and government embassies located in five Middle Eastern countries, with the majority of the infections in Iran.

Be the first to know - Join our Facebook page.


Seculert and Kaspersky declined to identify specific targets of the campaign, which they believe began at least eight months ago. They said they did not know who was behind the attacks or if was a nation state.

"It's for sure somebody who is fluent in Persian, but we don't know the origin of those guys," said Seculert Chief Technology Officer Aviv Raff.

The Mahdi Trojan lets remote attackers steal files from infected PCs and monitor emails and instant messages, Seculert and Kaspersky said. It can also record audio, log keystrokes and take screen shots of activity on those computers.

The firms said they believed multiple gigabytes of data have been uploaded from targeted machines.

"Somebody is trying to build a dossier of a larger scale on something," Raff said. "We don't know what they are going to do at the end."



Researchers have previously said that nation states were almost certainly behind the Flame virus, which was discovered earlier this year, and Duqu, which was uncovered in 2011.

Seculert and Kaspersky dubbed the campaign Mahdi, a term referring to the prophesied redeemer of Islam, because evidence suggests the attackers used a folder with that name as they developed the software to run the project.

They also included a text file named mahdi.txt in the malicious software that infected target computers.

Related Content

German Chancellor Angela Merkel and Russian President Vladimir Putin speak during their meeting
August 18, 2018
Merkel, Putin tackle Syria and Iran in meeting outside Berlin

By REUTERS