Symantec's threat report revealed that two state-sponsored hacking groups
have been using backdoors to spy on targets in Iran and other nations in the
Middle East.
The two groups are known as ‘Cadelle’ and ‘Chafer’, and each uses its own
custom-developed backdoors. Cadelle, a five-member team, uses a backdoor also
named ‘Cadelle’, while Chafer’s ten-member team developed the backdoors known as
‘Remexi’ and ‘Remexi B’.
Both backdoors can open network connections and help the attackers steal data
from infected systems.
Symantec's report suggests that the two groups, which target political
dissidents in Iran as well as airports and telecommunications companies in other
Middle East countries, may be doing so in order to keep track of their targets'
movements.
Chafer has been using SQL injection attacks to compromise servers and drop its
Remexi backdoor onto its targets; the technique used by Cadelle is not yet known.
Once a target is infected, the backdoors can do a great deal of damage. They
can be used to gather and steal passwords, intercept document print commands,
record audio via infected devices, take screengrabs, record webcam feeds, log
keystrokes, log opened applications, and gather system and clipboard
information.
Attackers using these backdoors were first spotted in 2014, but clues in each group’s code suggest the backdoors may have been in use in 2011.