
Elfin hacking group attacking Saudi targets

Symantec warns that 'highly active' hacking group is targeting KSA and US

The Elfin hacking group is one of the most active in the region, Symantec says.

A highly active hacking group is attacking government and corporate targets in Saudi Arabia, according to Symantec.

The ‘Elfin’ hacking group has attacked over 50 entities in Saudi Arabia, the US and other countries over nearly four years, and is one of the most prolific groups targeting the region, the security company warns.

Elfin's targets have mainly been Saudi organisations in the government, research, chemical, engineering, manufacturing, consulting, finance, telecoms, and several other sectors.

The group has also targeted some 18 entities in the US, including Fortune 500 companies and organisations in the engineering, chemical, research, energy consultancy, finance, IT, and healthcare sectors.

Symantec said that the group was active in February this year, when it launched a wave of attacks against the chemical sector in Saudi Arabia. The attacks attempted to exploit a vulnerability in the WinRAR compression program, which would have allowed the execution of any code on compromised PCs. The exploit in this case had already been blocked by Symantec software, the company said.

The group, which first became active in late 2015 or early 2016, specializes in scanning for vulnerable websites and using the results to identify potential targets, either for attacks or for the creation of command and control (C&C) infrastructure.

Symantec said that Elfin came under the spotlight in December 2018, when it was linked with a new wave of Shamoon attacks that occurred at around the same time. However, Symantec does not believe the two attacks were carried out by the same group.

In a blog post, Symantec's Security Response Attack Investigation Team said: "Elfin is one of the most active groups currently operating in the Middle East at present, targeting a large number of organisations across a diverse range of sectors. Over the past three years the group has utilized a wide array of tools against its victims, ranging from custom built malware to off-the-shelf RATs, indicating a willingness to continually revise its tactics and find whatever tools it takes to compromise its next set of victims."
