Security researchers are warning of an espionage campaign, dubbed “Operation Ghoul,” that has been heavily targeting organizations in the industrial, engineering and manufacturing sectors since March 2015.
In a blog post, Kaspersky Lab researchers said they had more recently observed new waves of attacks during June 2016. High activity was specifically seen in the Middle East region, in addition to ongoing targeted attacks across multiple regions.
In total, more than 130 organizations across the globe have been identified victims of the Operation Ghoul campaign, according to the firm.
The majority of targeted organizations are considered small-to-medium (SMB) companies (30-300 employees) associated with the “product life cycle of multiple goods, especially industrial equipment.”
Other targeted sectors include: shipping, pharmaceutical, trading, education, tourism and technology/IT.
Researchers said that although the reported attacks are scattered across the globe, cyber criminals behind the campaign have focused on certain countries more than others.
In particular, Spain saw the most attacks, with 25 victim organizations, followed by Pakistan (22), the United Arab Emirates (19), India (17), Egypt (16), and others.
The main infection vector is malicious emails that appear to come from a bank in the UAE and carry compressed executables as attachments.
“The spear phishing emails are mostly sent to senior members and executives of targeted organizations, most likely because the attackers hope to get access to core intelligence, controlling accounts and other interesting information,” explained Mohamad Amin Hasbini, senior security researcher at Kaspersky Lab.
“The malware collects all data such as passwords, keystrokes and screenshots, then sends it to the attackers,” Hasbini said.
Hasbini noted that the attackers’ motivations appear to be financial, whether through the victims’ banking accounts or through selling their intellectual property to interested parties.
Given the number of attacks seen in the wild, the firm recommends that users be extra cautious when checking and opening emails and attachments.
“Privileged users need to be well trained and ready to deal with cyber threats,” said Hasbini. “Failure in this is, in most cases, the cause behind private or corporate data leakage, reputation and financial loss.”