"The main peculiarity of the whole Madi campaign is that this info-stealing Trojan was quite unsophisticated," Alexander Gostev, chief security expert, Kaspersky Lab, tells AMEinfo.
"However, despite the crude coding, the targeted character of the campaign enabled the attackers to infect the high-profile victims, who were tricked with social engineering schemes. No advanced exploit techniques or zero-days are used anywhere in the malware, which makes the overall success of the campaign very surprising to the experts," he adds.
More viruses reported in Middle East
The latest cyber surveillance virus to hit the Middle East is called Gauss, and was reportedly built in the same laboratories as Stuxnet. The virus is capable of spying on financial transactions, email and social networking activity. Reuters has reported that it may also be able to attack critical infrastructure. Kaspersky Lab's Gostev said in a press statement that there were similarities to the Flame virus.
"Gauss bears striking resemblances to Flame, such as its design and code base, which enabled us to discover the malicious program. Similar to Flame and Duqu, Gauss is a complex cyber-espionage toolkit, with its design emphasising stealth and secrecy; however, its purpose was different to Flame or Duqu. Gauss targets multiple users in select countries to steal large amounts of data, with a specific focus on banking and financial information."
Gauss was mainly found in Lebanon, and reports have emerged suggesting it was a state-sponsored attack. No government has ever admitted to a state-sponsored attack, but rumours and reports have suggested that in the past the US and Israel have both used cyber attacks against countries in the Middle East. Iran has long blamed the two countries for the Stuxnet and Duqu attacks aimed at its critical infrastructure.
Middle East prime target for cyber espionage
The Middle East is a prime target for those intent on spreading viruses, and not just in the cases of the more sophisticated and possibly state sponsored attacks in the region. In the case of Madi, the virus spread quickly across certain Middle East countries.
"Kaspersky Lab and Seculert identified more than 800 victims located in Iran, Israel and select countries across the globe connecting to the C&Cs over the past eight months," Gostev says in an interview with AMEinfo. "Statistics from the sinkhole revealed that the victims were primarily business people working on Iranian and Israeli critical infrastructure projects, Israeli financial institutions, Middle Eastern engineering students, and various government agencies communicating in the Middle East."
Madi is a cyber-espionage campaign involving a malicious Trojan which is delivered via social engineering schemes to carefully selected targets. The Trojan enables remote attackers to steal sensitive files from infected Windows computers, monitor sensitive communications such as email and instant messages, record audio, log keystrokes, and take screenshots of victims' activities, according to Kaspersky Lab. Data analysis suggests that multiple gigabytes of data have been uploaded from victims' computers.
"Common applications and websites that were spied on include accounts on Gmail, Hotmail, Yahoo! Mail, ICQ, Skype, Google+, and Facebook.

Peter Ward, Reporter