A backdoor malware campaign dubbed OilRig that in May was discovered targeting organizations in Saudi Arabia is now trying to drill into government entities in Turkey, Israel and the U.S., as well as Qatari companies and organizations.

Palo Alto Networks Unit 42 threat research team updated the campaign's latest spear phishing efforts in a blog post yesterday, warning that the campaign has updated its “Helminth” backdoor software as well as the malicious Excel documents that distribute the malware via macros.

According to the blog post, the phishing emails targeting Qatari organizations “were very specific to the organization receiving them and in some cases were sent from partner organizations that already had a relationship with the recipient.”

Changes to malware over the last five months include the emergence of four distinct variants, each of which drops different filenames upon execution, Palo Alto continued in its report.