SYMBOLCOMMON_NAMEaka. SYNONYMS

Madi  (Back to overview)


Kaspersky Lab and Seculert worked together to sinkhole the Madi Command & Control (C&C) servers to monitor the campaign. Kaspersky Lab and Seculert identified more than 800 victims located in Iran, Israel and select countries across the globe connecting to the C&Cs over the past eight months. Statistics from the sinkhole revealed that the victims were primarily business people working on Iranian and Israeli critical infrastructure projects, Israeli financial institutions, Middle Eastern engineering students, and various government agencies communicating in the Middle East. Common applications and websites that were spied on include accounts on Gmail, Hotmail, Yahoo! Mail, ICQ, Skype, Google+, and Facebook. Surveillance is also performed over integrated ERP/CRM systems, business contracts, and financial management systems.


Associated Families

There are currently no families associated with this actor.


References
2019Council on Foreign RelationsCyber Operations Tracker
@online{tracker:2019:madi:22827f1, author = {Cyber Operations Tracker}, title = {{Madi}}, date = {2019}, organization = {Council on Foreign Relations}, url = {https://www.cfr.org/interactive/cyber-operations/madi}, language = {English}, urldate = {2019-12-20} } Madi
Madi
2012-07-26Kaspersky LabsGReAT
@online{great:20120726:madi:d4f911e, author = {GReAT}, title = {{The Madi Campaign – Part II}}, date = {2012-07-26}, organization = {Kaspersky Labs}, url = {https://securelist.com/the-madi-campaign-part-ii-53/33701/}, language = {English}, urldate = {2019-12-20} } The Madi Campaign – Part II
Madi
2012-07-25ThreatpostChris Brook
@online{brook:20120725:new:67f3d60, author = {Chris Brook}, title = {{New and Improved Madi Spyware Campaign Continues}}, date = {2012-07-25}, organization = {Threatpost}, url = {https://threatpost.com/new-and-improved-madi-spyware-campaign-continues-072512/76849/}, language = {English}, urldate = {2019-12-17} } New and Improved Madi Spyware Campaign Continues
Madi
2012-07-18SymantecSecurity Response
@online{response:20120718:madi:7d27c61, author = {Security Response}, title = {{The Madi Attacks: Series of Social Engineering Campaigns}}, date = {2012-07-18}, organization = {Symantec}, url = {https://web.archive.org/web/20120718173322/https://www.symantec.com/connect/blogs/madi-attacks-series-social-engineering-campaigns}, language = {English}, urldate = {2020-04-21} } The Madi Attacks: Series of Social Engineering Campaigns
Madi
2012-07-17SymantecSymantec Security Response
@online{response:20120717:madi:e5495bd, author = {Symantec Security Response}, title = {{The Madi Attacks: Series of Social Engineering Campaigns}}, date = {2012-07-17}, organization = {Symantec}, url = {https://www.symantec.com/connect/blogs/madi-attacks-series-social-engineering-campaigns}, language = {English}, urldate = {2019-12-18} } The Madi Attacks: Series of Social Engineering Campaigns
Madi
2012-07-17Kaspersky LabsGReAT
@online{great:20120717:madi:ddf85da, author = {GReAT}, title = {{The Madi Campaign – Part I}}, date = {2012-07-17}, organization = {Kaspersky Labs}, url = {https://securelist.com/the-madi-campaign-part-i-5/33693/}, language = {English}, urldate = {2019-12-20} } The Madi Campaign – Part I
Madi
2012-07-17Kaspersky LabsKaspersky
@online{kaspersky:20120717:kaspersky:bbbf635, author = {Kaspersky}, title = {{Kaspersky Lab and Seculert Announce ‘Madi,’ a Newly Discovered Cyber-Espionage Campaign in the Middle East}}, date = {2012-07-17}, organization = {Kaspersky Labs}, url = {https://www.kaspersky.com/about/press-releases/2012_kaspersky-lab-and-seculert-announce--madi--a-newly-discovered-cyber-espionage-campaign-in-the-middle-east}, language = {English}, urldate = {2019-12-10} } Kaspersky Lab and Seculert Announce ‘Madi,’ a Newly Discovered Cyber-Espionage Campaign in the Middle East
Madi

Credits: MISP Project