Chinese Hackers Deploy MarsSnake Backdoor in Multi-Year Attack on Saudi Organization
Briefly

ESET discovered the threat actor UnsolicitedBooker, which has targeted a Saudi Arabian organization using a backdoor named MarsSnake. The group's tactics include spear-phishing emails, typically featuring flight tickets as bait. Its attacks have previously been aimed at governmental entities across Asia, Africa, and the Middle East. This latest campaign involved a phishing email purporting to come from Saudia Airlines, carrying a malicious Word document that drops MarsSnake upon execution. The backdoor then establishes communications with a remote server. The campaign is part of the ongoing, sophisticated activity attributed to Chinese hacking groups.
UnsolicitedBooker sends spear-phishing emails, generally with a flight ticket as the decoy, and its targets include governmental organizations in Asia, Africa, and the Middle East.
A Microsoft Word document is attached to the email, and the decoy content [...] is a flight ticket that was modified but is based on a PDF that was available online.
Read at The Hacker News