
"UnsolicitedBooker sends spear-phishing emails, generally with a flight ticket as the decoy, and its targets include governmental organizations in Asia, Africa, and the Middle East."
"A Microsoft Word document is attached to the email, and the decoy content [...] is a flight ticket that was modified but is based on a PDF that was available online."
ESET discovered the threat actor UnsolicitedBooker, which has targeted a Saudi Arabian organization using a backdoor named MarsSnake. The group's tactics include spear-phishing emails, typically featuring flight tickets as bait. Its attacks have previously been aimed at governmental entities across Asia, Africa, and the Middle East. This latest campaign involved a phishing email purporting to come from Saudia Airlines, with a malicious Word document attached that drops MarsSnake upon execution. The backdoor then establishes communications with a remote server, part of the ongoing and sophisticated threat activity attributed to Chinese hacking groups.
Read at The Hacker News