Madi  (Back to overview)

Kaspersky Lab and Seculert worked together to sinkhole the Madi Command & Control (C&C) servers to monitor the campaign. Kaspersky Lab and Seculert identified more than 800 victims located in Iran, Israel and select countries across the globe connecting to the C&Cs over the past eight months. Statistics from the sinkhole revealed that the victims were primarily business people working on Iranian and Israeli critical infrastructure projects, Israeli financial institutions, Middle Eastern engineering students, and various government agencies communicating in the Middle East. Common applications and websites that were spied on include accounts on Gmail, Hotmail, Yahoo! Mail, ICQ, Skype, Google+, and Facebook. Surveillance is also performed over integrated ERP/CRM systems, business contracts, and financial management systems.

---

Associated Families

There are currently no families associated with this actor.

---

References

2019 ⋅ Council on Foreign Relations ⋅ Cyber Operations Tracker @online{tracker:2019:madi:22827f1, author = {Cyber Operations Tracker}, title = {{Madi}}, date = {2019}, organization = {Council on Foreign Relations}, url = {https://www.cfr.org/interactive/cyber-operations/madi}, language = {English}, urldate = {2019-12-20} } Madi Madi

2012-07-26 ⋅ Kaspersky Labs ⋅ GReAT @online{great:20120726:madi:d4f911e, author = {GReAT}, title = {{The Madi Campaign – Part II}}, date = {2012-07-26}, organization = {Kaspersky Labs}, url = {https://securelist.com/the-madi-campaign-part-ii-53/33701/}, language = {English}, urldate = {2019-12-20} } The Madi Campaign – Part II Madi

2012-07-25 ⋅ Threatpost ⋅ Chris Brook @online{brook:20120725:new:67f3d60, author = {Chris Brook}, title = {{New and Improved Madi Spyware Campaign Continues}}, date = {2012-07-25}, organization = {Threatpost}, url = {https://threatpost.com/new-and-improved-madi-spyware-campaign-continues-072512/76849/}, language = {English}, urldate = {2019-12-17} } New and Improved Madi Spyware Campaign Continues Madi

2012-07-18 ⋅ Symantec ⋅ Security Response @online{response:20120718:madi:7d27c61, author = {Security Response}, title = {{The Madi Attacks: Series of Social Engineering Campaigns}}, date = {2012-07-18}, organization = {Symantec}, url = {https://web.archive.org/web/20120718173322/https://www.symantec.com/connect/blogs/madi-attacks-series-social-engineering-campaigns}, language = {English}, urldate = {2020-04-21} } The Madi Attacks: Series of Social Engineering Campaigns Madi

2012-07-17 ⋅ Symantec ⋅ Symantec Security Response @online{response:20120717:madi:e5495bd, author = {Symantec Security Response}, title = {{The Madi Attacks: Series of Social Engineering Campaigns}}, date = {2012-07-17}, organization = {Symantec}, url = {https://www.symantec.com/connect/blogs/madi-attacks-series-social-engineering-campaigns}, language = {English}, urldate = {2019-12-18} } The Madi Attacks: Series of Social Engineering Campaigns Madi

2012-07-17 ⋅ Kaspersky Labs ⋅ GReAT @online{great:20120717:madi:ddf85da, author = {GReAT}, title = {{The Madi Campaign – Part I}}, date = {2012-07-17}, organization = {Kaspersky Labs}, url = {https://securelist.com/the-madi-campaign-part-i-5/33693/}, language = {English}, urldate = {2019-12-20} } The Madi Campaign – Part I Madi

2012-07-17 ⋅ Kaspersky Labs ⋅ Kaspersky @online{kaspersky:20120717:kaspersky:bbbf635, author = {Kaspersky}, title = {{Kaspersky Lab and Seculert Announce ‘Madi,’ a Newly Discovered Cyber-Espionage Campaign in the Middle East}}, date = {2012-07-17}, organization = {Kaspersky Labs}, url = {https://www.kaspersky.com/about/press-releases/2012_kaspersky-lab-and-seculert-announce--madi--a-newly-discovered-cyber-espionage-campaign-in-the-middle-east}, language = {English}, urldate = {2019-12-10} } Kaspersky Lab and Seculert Announce ‘Madi,’ a Newly Discovered Cyber-Espionage Campaign in the Middle East Madi

---

Credits: MISP Project