Summary: A targeted cyber-espionage campaign identified by Proofpoint has been aimed at aviation, satellite communications, and transportation sectors in the UAE, utilizing advanced polyglot malware techniques. The attack, attributed to the UNK_CraftyCamel threat cluster, involves spearphishing tactics and sophisticated malware designed to evade detection. Compromised communications from a trusted Indian electronics company facilitated the distribution of this malware to high-value targets in the UAE.
Affected: Aviation, satellite communications, and transportation organizations in the UAE
Key points:
- Campaign employs polyglot malware for targeted attacks against select organizations in UAE.
- Malicious emails were sent from a compromised email related to a trusted business connection.
- The SOSANO backdoor is heavily obfuscated and designed for persistence and remote control execution.
- Malware analysis reveals similarities with known Iranian-aligned threat groups.
- Attackers utilize custom payloads to bypass traditional security measures effectively.
Source: https://securityonline.info/unk_craftycamel-new-threat-group-using-polyglot-malware-in-uae/
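The key points above name polyglot malware (one file that is valid as more than one format, so a mail gateway parsing it as a document may miss the archive or executable it also contains) as the campaign's delivery trick. Below is an added triage heuristic, written for this summary and not code from Proofpoint or from the linked article: it scans a byte blob for several well-known file-format signatures and flags a sample that carries more than one. The signature list is the standard set of magic bytes; the "benign container" rule (a PDF is allowed to embed image formats without being flagged) and the three sample blobs are assumptions constructed for the example, not data from the report.

```python
"""Polyglot-file triage heuristic (added example, not from the report).

Flags a byte blob that carries more than one file-format signature, e.g. a
PDF header followed by a ZIP local-file header. Intended as one input to a
mail-gateway or sandbox verdict, not as a standalone malware classifier.
"""
import re

# Magic-byte signatures for common formats. These are the standard values;
# the regexes are searched over the whole blob, not just offset 0.
SIGNATURES = {
    "pdf": rb"%PDF-\d\.\d",
    "zip": rb"PK\x03\x04",
    "png": rb"\x89PNG\r\n\x1a\n",
    "jpeg": rb"\xff\xd8\xff",
    "gif": rb"GIF8[79]a",
    "rar": rb"Rar!\x1a\x07",
    "elf": rb"\x7fELF",
}
COMPILED = {name: re.compile(pat) for name, pat in SIGNATURES.items()}

# Assumption for this example: a PDF legitimately embeds images, so a PDF whose
# only extra signatures are image formats is not treated as suspicious.
BENIGN_CONTAINERS = {"pdf": {"jpeg", "png", "gif"}}


def find_formats(data: bytes) -> dict:
    """Return {format_name: first_offset} for every signature found in data."""
    found = {}
    for name, rx in COMPILED.items():
        m = rx.search(data)
        if m:
            found[name] = m.start()
    # PE: 'MZ' alone is too short to search for anywhere, so require it at
    # offset 0 and a valid e_lfanew (at 0x3C) pointing at the 'PE\0\0' header.
    if data[:2] == b"MZ" and len(data) >= 0x40:
        e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
        if data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00":
            found["pe"] = 0
    return found


def classify(data: bytes) -> dict:
    """Summarise which formats a blob claims to be and whether that is suspicious."""
    found = find_formats(data)
    leading = min(found, key=found.get) if found else None  # format at lowest offset
    others = set(found) - {leading}
    is_polyglot = len(found) >= 2
    benign = leading in BENIGN_CONTAINERS and others <= BENIGN_CONTAINERS[leading]
    return {
        "formats": found,
        "leading": leading,
        "is_polyglot": is_polyglot,
        "suspicious": is_polyglot and not benign,
    }


# Constructed samples (not real malware): a plain PDF, a PDF with an embedded
# JPEG image, and a PDF/ZIP polyglot where a ZIP local-file header follows the
# PDF trailer (the layout a document parser would stop reading before).
PDF_BODY = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
PLAIN_PDF = PDF_BODY + b"%%EOF\n"
PDF_WITH_JPEG = PDF_BODY + b"stream\n\xff\xd8\xff\xe0\x00\x10JFIF\nendstream\n%%EOF\n"
PDF_ZIP_POLYGLOT = (
    PLAIN_PDF
    + b"PK\x03\x04\x14\x00\x00\x00\x08\x00" + b"\x00" * 16   # local-file header
    + b"\x0b\x00\x00\x00" + b"payload.bin" + b"\xde\xad"     # name length, name, data
)


if __name__ == "__main__":
    for label, blob in [("plain pdf", PLAIN_PDF),
                        ("pdf+jpeg", PDF_WITH_JPEG),
                        ("pdf/zip polyglot", PDF_ZIP_POLYGLOT)]:
        print(f"{label:18} -> {classify(blob)}")
```

The verdict is deliberately coarse: a second signature deep inside a file is only a hint, and real detection should combine it with where each parser (PDF, ZIP, PE loader) would actually begin and end, plus the usual sandbox behaviour. The benign-container allowance shows the kind of exception a production rule needs to avoid flagging every PDF with a picture in it.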