UnsolicitedBooker is a China-aligned APT group known for its persistent targeting of an unnamed international organization in Saudi Arabia, employing a backdoor called MarsSnake. The group utilizes spear-phishing emails, often featuring flight tickets as decoys, to infiltrate governmental organizations across Asia, Africa, and the Middle East. Their operations have included multiple intrusion attempts over several years, demonstrating a sustained interest in their target. MarsSnake provides significant control over infected machines, allowing for arbitrary command execution and file access.
There are currently no families associated with this actor.
| 2025-07-01 ⋅ ESET Research ⋅ ESET APT Activity Report Q4 2024–Q1 2025: Malware sharing, wipers and exploits (UnsolicitedBooker) |