Tortoiseshell cybercrime attacks Saudi IT Provider companies

11 It Companies has been attacked by Tortoiseshell cyber criminals group, in the last 14 month in Saudi Arabia.

According to “Symentec” researchers, the cyber criminals (attackers) main motive beside the all actives is to compromise with the customers of these companies and the other main notable element of this attack is that, on two of the compromised networks, various hundred system were infected with malicious malware. This is an very unusually huge number of machine to be compromised in a targeted attack. It is quite possible that the cyber criminals (attackers) were forced to infect many computer system before finding those that were of most interest to them”, — reported by:– Symantec researchers.

Tortoiseshell cybercrime
Tortoiseshell cybercrime (Backdoor.Syskit)

This cyber criminal released a malicious malware called Backdoor.Syskit, created in version in .NET and Delphi. By the help of this backdoor, the cyber criminals can download other nasty malware silently and execute other additional harmful tools and command.

“Once Backdoor.Syskit get success to infect computer system, user can’t think that this nasty malware how much harm theirs PC. First of it will do some malicious or unwanted changes into system like it will destroy the all security program of the infected system even the antivirus program for avoid removal, and then open the backdoor of infected system and silently allow the cyber criminals to access the compromised system by their own way, and invites other cunning threats for the help. Now you can think what will happen when the cyber criminals operate your system”.

To install this nasty Backdoor.Syskit is launched using the “-install” button. The nasty program will collect and send your IP address and all the confidential information to the attackers.

On at least two victim networks, Tortoiseshell Posted its information Collecting equipment to the Netlogon folder on a domain controller. This results in the information Collecting equipment being executed automatically when a client machine logs into the domain. This activity indicates the cyber criminals had achieved domain admin level access on these networks, meaning they had access to all system on the network”, — reported by Symantec researchers.

Leave a Reply

Close Menu