Market Overview

Symantec Discovers New Cyber Espionage Campaign Targeting Middle Eastern Government and Business Organizations


Leafminer Attack Group Attempts to Infiltrate Targets Through Various
Means of Intrusion

Symantec Corp. (NASDAQ:SYMC), the world's leading cyber security
company, announced
the new discovery of a cyber espionage campaign from a group called
Leafminer, which has been targeting government organizations and
business verticals across the Middle East since at least early 2017.

Leafminer attempts to infiltrate target networks using three main
techniques for intrusion: watering hole websites, vulnerability scans of
network services on the internet, and brute-force/dictionary login
attempts. The group's post-compromise toolkit suggests that it is
looking for email data, files and database servers on compromised target

"Leafminer's interest in email data indicates that espionage is the
primary motivation," said Einar Oftedal, vice president, Detection
Research at Symantec. "The group is highly active and uses publicly
available tools that don't generally set off alerts, along with its own
custom malware. They have bold ambitions and are eager to learn from
more advanced threat actors, as seen by their mimicking of Dragonfly's
watering hole technique."

During the investigation of Leafminer, Symantec discovered a list of 809
targets used by the attackers for vulnerability scans. Target regions
included in the list were Saudi Arabia, United Arab Emirates, Qatar,
Kuwait, Bahrain, Egypt, Israel and Afghanistan. The primary industries
under attack include governments, the financial sector and the energy

Given Leafminer's list of targeted organizations was written in the
Iranian language Farsi and the web shell used to set up its arsenal
server was authored by MagicCoder, a notorious hacker handle linked to
Iranian hacking forums and the Sun Army hacker group, Leafminer appears
to be based in Iran.

Symantec has been protecting our customers against Leafminer, and
includes the following protections against these attacks:

For more information, visit

About Symantec

Symantec Corporation (NASDAQ:SYMC), the world's leading cyber security
company, helps organizations, governments and people secure their most
important data wherever it lives. Organizations across the world look to
Symantec for strategic, integrated solutions to defend against
sophisticated attacks across endpoints, cloud and infrastructure.
Likewise, a global community of more than 50 million people and families
rely on Symantec's Norton and LifeLock product suites to protect their
digital lives at home and across their devices. Symantec operates one of
the world's largest civilian cyber intelligence networks, allowing it to
see and protect against the most advanced threats. For additional
information, please visit or
connect with us on FacebookTwitter,
and LinkedIn.

View Comments and Join the Discussion!