Symantec’s threat report revealed that two state-sponsored hacking groups have been using backdoors to spy on targets in Iran and other nations in the Middle East.
The two groups are known as ‘Cadelle’ and ‘Chafer’, and each uses its own custom-developed backdoor. Cadelle, a five-member team, uses the ‘Cadelle’ backdoor, while Chafer’s ten-member team developed the backdoors known as ‘Remexi’ and ‘Remexi B’.
Both backdoors can open connections and help the attackers steal data from infected systems.
Symantec’s report suggests that the two groups, which target political dissidents in Iran as well as airports and telecommunications companies in other Middle East countries, may be doing so in order to track their targets’ movements.
Chafer has been using SQL injection attacks to compromise servers and drop the Remexi backdoor onto its targets, but Cadelle’s infection technique is not yet known.
Once a target is infected, the backdoors can do considerable damage: they can gather and steal passwords, intercept document print commands, record audio through the infected device, take screenshots, record webcam feeds, log keystrokes, log which applications are opened, and collect system and clipboard information.
Attackers using these backdoors were first spotted in 2014, but clues in each group’s code suggest the backdoors may have been in use as early as 2011.