Iranian networks targeted by Mahdi trojan

Security experts have positively identified an ongoing cyber espionage campaign targeting Iran and other Middle Eastern countries. 

According to researchers at the Israeli-based Seculert and Russia’s Kaspersky Lab, the “Mahdi campaign” trojan – coded in Farsi – has already claimed more than 800 victims.

Targets reportedly include critical infrastructure companies, engineering students, financial services firms and government embassies.

Although the vast majority of infections appear to have occurred in Iran, both Seculert and Kaspersky declined to speculate about specific targets of the campaign which apparently kicked off some 8 months ago.

“It’s for sure somebody who is fluent in Persian, but we don’t know the origin of those guys,” Seculert Chief Technology Officer Aviv Raff told Reuters.

“[It appears that] somebody is trying to build a dossier of a larger scale on something… We don’t know what they are going to do at the end.”

The Mahdi Trojan is coded to allow remote attackers to hack and extract files from infected PCs, monitor emails and instant messages – all while surreptitiously recording audio, logging keystrokes and taking screenshots. 

Raff also confirmed that gigabytes of stolen data have been uploaded from infected machines to multiple digital locales.