New Attack Group Targets Saudi IT Providers

A previously undocumented threat group has been mounting what appear to be supply-chain attacks against IT providers in the Middle East.

Since July 2018, Tortoiseshell Group has targeted at least 11 organizations, using a deadly mix of custom-made and off-the-shelf malware. The majority of the companies to come under virtual fire are based in Saudi Arabia.

Tortoiseshell's nefarious activities were spotted by researchers at Symantec, who have recorded activity stemming from the group as recently as July 2019. 

At two of the organizations unfortunate enough to be attacked by Tortoiseshell, several hundred network computers ended up being infected with malware. Researchers believe that this unusually large number of compromised consoles is indicative of the group's desire to infiltrate particular computers. 

The exact intentions of the attackers are unknown, though Symantec's researchers believe that the threat group's end goal was to compromise the computers belonging to the customers of the IT firms targeted. And you can bet that they weren't going to all this trouble just to change people's screensavers to a goofy picture of an adorable puppy. 

Evidence gathered by the researchers suggests that the attackers were able to gain domain admin–level access to the networks of at least two of the IT providers upon which they preyed.  

Gavin O'Gorman, an investigator with Symantec Security Response, said: "Tortoiseshell deployed its information-gathering tools to the Netlogon folder on a domain controller, on at least two victim networks. This results in the information-gathering tools' being executed automatically when a client computer logs into the domai ..

Support the originator by clicking the read the rest link below.