Threat Intelligence, Malware, Threat Management

Chinese cyberespionage campaign targets Middle Eastern public and private sectors

Not long after FireEye warned Malaysia to anticipate an uptick in Chinese cyberespionage attacks surrounding China's Belt and Road Initiative, Symantec discovered a Chinese cyberespionage campaign targeting Middle Eastern Government and Business Organizations.

A threat group dubbed “Leafminer” has been targeting government organizations and business verticals in the Middle East since 2017 using watering hole websites, vulnerability scans of network services on the internet, and brute-force/dictionary login attempts, according to an Aug. 14 press release.

The threat actors primarily focused on governments, the financial sector and the energy sector, researchers believe the group infiltrates target networks in search of email data files and database servers based on the groups post-compromise toolkit.

"Leafminer's interest in email data indicates that espionage is the primary motivation,” Einar Oftedal, vice president, Detection Research at Symantec said in the release. "The group is highly active and uses publicly available tools that don't generally set off alerts, along with its own custom malware.”

Oftedal added that the group has bold ambitions and is eager to learn from more advanced threat actors based on how the group seemed to be mimicking Dragonfly's watering hole technique.

While investigating the threat group, researchers also stumbled upon a list of 809 targets including Saudi Arabia, United Arab Emirates, Qatar, Kuwait, Bahrain, Egypt, Israel, and Afghanistan, which was used by the threat actors for vulnerability scans.

Netskope Chief Executive Officer Sanjay Beri noted that while U.S. and Chinese cyberespionage is nothing new, this recent campaign suggests we are exiting the honeymoon period created by the deal Obama struck with President Xi Jinping in 2015.

““With economic tensions continuing to escalate, we can expect to see more China-backed intelligence gathering campaigns as the nation works to gain an edge over competitors in the west,” Beri said. “And, as our digital detente continues to crumble, organizations operating in sensitive sectors, such as energy, manufacturing, and government, must be on high-alert to ensure sensitive data is secured.”

Beri added everything from automobile and jet blueprints to internal discussions on negotiations with China and its neighbors are all at risk as a result.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.