News
The Malware That Must Not Be Named: Suspected Espionage Campaign Delivers “Voldemort”
In August 2024, Proofpoint researchers identified an unusual campaign using a novel attack chain to deliver custom malware. The threat actor named the malware “Voldemort” based on internal filenames and strings used in the malware.
The attack chain comprises multiple techniques currently popular within the threat landscape as well as uncommon methods for command and control (C2), like the use of Google Sheets. Its combination of tactics, techniques, and procedures (TTPs), lure themes impersonating government agencies of various countries, and odd file naming and passwords like “test” are notable. Researchers initially suspected the activity may be a red team. However, the large volume of messages and analysis of the malware very quickly indicated it was a threat actor.
Proofpoint assesses with moderate confidence this is likely an advanced persistent threat (APT) actor with the objective of intelligence gathering. However, Proofpoint does not have enough data to attribute with high confidence to a specific named threat actor (TA). Despite the widespread targeting and characteristics more typically aligned with cybercriminal activity, the nature of the activity and capabilities of the malware show more interest in espionage rather than financial gain at this time.
Voldemort is a custom backdoor written in C. It has capabilities for information gathering and to drop additional payloads. Proofpoint observed Cobalt Strike hosted on the actor’s infrastructure, and it is likely that is one of the payloads that would be delivered.
Beginning on 5 August 2024, the malicious activity included over 20,000 messages impacting over 70 organizations globally. The first wave of messages included a few hundred daily but then spiked on 17 August with nearly 6,000 total messages.
Messages purported to be from various tax authorities notifying recipients about changes to their tax filings. Throughout the campaign, the actor impersonated tax agencies in the U.S. (Internal Revenue Service), the UK (HM Revenue & Customs), France (Direction Générale des Finances Publiques), Germany (Bundeszentralamt für Steuern), Italy (Agenzia delle Entrate), and from August 19, also India (Income Tax Department), and Japan (National Tax Agency). Each lure was customized and written in the language of the authority being impersonated.
Proofpoint analysts correlated the language of the email with public information available on a select number of targets and found that the threat actor chose the lure for each intended victim based on the victim's country of residence, rather than the country in which the targeted organization operates or a country or language that could be inferred from the email address. For example, certain targets in a multinational European organization received emails impersonating the IRS because their publicly available information linked them to the US. In some cases, the threat actor appears to have mixed up the country of residence when the target shared the same (but uncommon) name as a better-known person with a larger public presence. Emails were sent from suspected compromised domains, with the actor including the agency’s real domain in the email address.
The threat actor targeted 18 different verticals, but nearly a quarter of the organizations targeted were insurance companies. Aerospace, transportation, and university entities made up the rest of the top 50% of organizations targeted by the threat actor.
Proofpoint does not attribute this activity to a tracked threat actor. Based on the functionality of the malware and collected data observed when examining the Sheet, information gathering was one objective of this campaign. While many of the campaign characteristics align with cybercriminal threat activity, we assess this is likely espionage activity conducted to support as yet unknown final objectives.
The Frankensteinian amalgamation of clever and sophisticated capabilities, paired with very basic techniques and functionality, makes it difficult to assess the level of the threat actor’s capability and determine with high confidence the ultimate goals of the campaign. It is possible that large numbers of emails could be used to obscure a smaller set of actual targets, but it’s equally possible the actors wanted to genuinely infect dozens of organizations. It is also possible that multiple threat actors with varying levels of experience in developing tooling and initial access worked on this activity. Overall, it stands out as an unusual campaign.
The behavior combines a variety of recently popular techniques observed in several disparate campaigns from multiple cybercriminal threat actors that have used similar techniques as part of ongoing experimentation across the initial access ecosystem. Many of the techniques used in the campaign are observed more frequently in the cybercriminal landscape, demonstrating that actors engaging in suspected espionage activity often use the same TTPs as financially motivated threat actors.
While the activity appears to align with espionage activity, it is possible that future activities associated with this threat cluster may change this assessment. In that case, it would indicate cybercriminal actors, while demonstrating some typical e-crime delivery characteristics, used customized malware with unusual features currently only available to the operators and not abused in widespread campaigns, as well as very specific targeting not normally seen in financially motivated campaigns.
Defense against observed behaviors includes restricting access to external file sharing services to only known, safelisted servers; blocking network connections to TryCloudflare if it is not required for business purposes; and monitoring and alerting on use of search-ms in scripts and suspicious follow-on activity such as LNK and PowerShell execution.
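The monitoring guidance above (search-ms use in scripts, LNK followed by PowerShell execution, and connections to TryCloudflare) can be turned into simple detection logic. The following is an added example written for this page, not code from Proofpoint or from the report; the pipe-delimited log format, the host names, the file names and the five-minute correlation window are all constructed assumptions, and the sample lines are made up rather than taken from the campaign.

```python
"""Toy detector for the defensive behaviours listed in the Voldemort summary.

Added example (not from Proofpoint). Assumed log shape per line:
    <ISO timestamp>|<host>|<event type: process|dns>|<free-text detail>
Three rules are applied:
  1. search-ms-uri       : any search-ms: protocol URI in a process command line
  2. trycloudflare-dns   : DNS lookups of *.trycloudflare.com subdomains
  3. lnk-then-powershell : PowerShell launched on a host within WINDOW of a .lnk
"""
import re
from datetime import datetime, timedelta
from typing import Dict, Iterable, List

SEARCH_MS_RE = re.compile(r"search-ms:", re.IGNORECASE)
TRYCLOUDFLARE_RE = re.compile(r"\.trycloudflare\.com\b", re.IGNORECASE)
LNK_RE = re.compile(r"\.lnk\b", re.IGNORECASE)
POWERSHELL_RE = re.compile(r"\b(powershell|pwsh)(\.exe)?\b", re.IGNORECASE)

# Constructed sample log (not real telemetry). ws01 shows the full chain;
# ws03 shows a .lnk and PowerShell that are too far apart to correlate.
SAMPLE_LOG = r"""
2024-08-17T09:01:02|ws01|process|explorer.exe search-ms:displayname=Tax&crumb=location:\\files.example.invalid
2024-08-17T09:01:05|ws01|process|explorer.exe C:\Users\a\Downloads\TaxChange.lnk
2024-08-17T09:01:09|ws01|process|powershell.exe -w hidden -File C:\Users\a\AppData\Local\Temp\stage.ps1
2024-08-17T09:01:10|ws01|dns|lookup constructed-words-here.trycloudflare.com
2024-08-17T10:30:00|ws02|process|notepad.exe notes.txt
2024-08-17T11:00:00|ws03|process|explorer.exe C:\Users\b\Desktop\report.lnk
2024-08-17T11:20:00|ws03|process|powershell.exe Get-Date
"""

def parse_line(line: str) -> Dict[str, object]:
    """Split one assumed-format log line into its four fields."""
    ts, host, event, detail = line.split("|", 3)
    return {"ts": datetime.fromisoformat(ts), "host": host, "event": event, "detail": detail}

def _finding(rule: str, rec: Dict[str, object]) -> Dict[str, object]:
    return {"rule": rule, "ts": rec["ts"], "host": rec["host"], "detail": rec["detail"]}

def detect(lines: Iterable[str], window: timedelta = timedelta(minutes=5)) -> List[Dict[str, object]]:
    """Run all three rules over the lines in order and return the findings.

    The LNK -> PowerShell rule is stateful per host: the most recent .lnk
    execution time is remembered, and a later PowerShell start on the same
    host is flagged only if it falls inside `window`.
    """
    findings: List[Dict[str, object]] = []
    last_lnk: Dict[str, datetime] = {}
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        rec = parse_line(raw)
        detail = str(rec["detail"])
        host = str(rec["host"])
        ts = rec["ts"]
        assert isinstance(ts, datetime)

        # Rule 1: search-ms protocol handler appearing in a command line.
        if SEARCH_MS_RE.search(detail):
            findings.append(_finding("search-ms-uri", rec))

        # Rule 2: name resolution for a TryCloudflare tunnel hostname.
        if rec["event"] == "dns" and TRYCLOUDFLARE_RE.search(detail):
            findings.append(_finding("trycloudflare-dns", rec))

        # Rule 3: .lnk execution followed by PowerShell on the same host.
        if rec["event"] == "process":
            if LNK_RE.search(detail):
                last_lnk[host] = ts
            elif POWERSHELL_RE.search(detail):
                seen = last_lnk.get(host)
                if seen is not None and ts - seen <= window:
                    findings.append(_finding("lnk-then-powershell", rec))
    return findings

def rules_fired(lines: Iterable[str], window: timedelta = timedelta(minutes=5)) -> List[str]:
    """Convenience wrapper returning just the rule names, in log order."""
    return [str(f["rule"]) for f in detect(lines, window)]

if __name__ == "__main__":
    for f in detect(SAMPLE_LOG.splitlines()):
        print(f"{f['ts'].isoformat()} {f['host']:<5} {f['rule']:<20} {f['detail']}")
```

With the default five-minute window the sample produces three findings, all on ws01; the ws03 pair is 20 minutes apart and is not correlated. Widening the window (for example to an hour) also flags ws03, which is the tuning trade-off a SOC has to make between catching slower chains and drowning in benign shortcut-then-PowerShell pairs.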
Proofpoint reached out to our industry colleagues about the activities in this report abusing their services, and their collaboration is appreciated.
Hospitality
Lavoya Restaurant Group expands its culinary portfolio in the GCC through the acquisition of Em Sherif Deli in UAE
Lavoya Restaurant Group has announced its acquisition of the Em Sherif Deli franchise in the GCC, marking a significant step in the group’s strategic expansion within the culinary landscape. The partnership emphasizes Lavoya’s commitment to diversifying its portfolio and enhancing its presence in the casual dining sector.
Em Sherif Deli, known for its authentic Mediterranean flavors and innovative deli offerings, has quickly gained recognition since its launch. With its flagship location in downtown Beirut, Em Sherif Deli represents the rich culinary heritage of Lebanon while appealing to a modern audience.
Walid Hajj, Co-Founder and CEO of Lavoya, said: “This move represents a significant milestone for Lavoya. By integrating Em Sherif Deli into our portfolio, we are not only expanding our culinary offerings, but also reinforcing our dedication to fostering exceptional dining experiences. Em Sherif Deli’s commitment to quality and authenticity aligns perfectly with our vision for growth.”
Dani Chaccour, CEO of Em Sherif, said: “We are excited to be working with Lavoya to develop Em Sherif Deli in a market that we strongly believe in and have great plans for. Lavoya’s track record will no doubt help us grow the footprint of this young, hip and new age brand. We look forward to our launch in the UAE soon.”
As part of this collaboration, Lavoya plans to open multiple new locations for Em Sherif Deli in key locations across the UAE, further solidifying its position as a leader in the culinary sector. This move aligns with the UAE’s vision, which aims to promote economic diversification, grow the tourism and hospitality sectors, and solidify the country’s reputation as a premier dining destination.
Financial
Dubai Islamic Bank Celebrates Fifth Cohort of High Potential Programme, Paving the Way for Future Leadership
Dubai Islamic Bank (DIB) celebrated a notable milestone with the successful graduation of the 5th batch of high potential employees in DIB’s High Potential Employee Development Programme (HIPO).
In the bank’s ongoing endeavour to hone talent within the organisation and provide it with a platform to excel individually as well as contribute to fulfilling the bank’s ambitious growth opportunities, the HIPO programme began in 2015 and has already delivered an army of nearly 150 professionals who are not just excelling in the workforce but leading by example.
The 5th batch of HIPO graduates were felicitated by the Group CEO, Dr. Adnan Chilwan, as well as other executives from the senior leadership team of the organisation.
The HIPO programme is an 18-month intensive leadership training schedule that includes a comprehensive suite of assessments, specialised training, mentorship, and coaching. Developed in partnership with globally recognised institutions, HIPO equips participants to excel in their roles and drive the bank’s strategic objectives.
To ensure the momentum is maintained, DIB has begun rolling out nominations for the next cohort for the next programme that is scheduled to commence in Q4 2024.
Commenting on the success and effectiveness of the journey undertaken so far, Dr. Adnan Chilwan, Group Chief Executive Officer of DIB, said, “The High Potential Programme is central to our inclusive talent development approach within the organisation, designed to prepare the next wave of leaders in the banking and financial sector. This initiative reflects our dedication to fostering outstanding talent by empowering individuals who possess the inherent traits with advanced skill sets ensuring both professional and personal elevation as well as quality contribution to further the organisation’s strategic goals. Our ambition is to unleash these individuals into the financial world so that they support and positively impact the larger economic objectives of the UAE. I extend my warmest congratulations to all our graduates and look forward to their future contributions to our collective ambitions. We also extend our profound thanks to all our partners for their enduring commitment and involvement in our training endeavours, which are crucial in systematically cultivating quality professionals within our organisation.”
As DIB steadfastly invests in its workforce, the bank upholds its position of leadership in the banking sector as an Employer of Choice, committed to promoting professional development and fostering inclusivity at every level of the organisation including the vital Emiratisation Agenda.
Hospitality
Dubai Airports to grow its solar footprint to cut its carbon footprint
In the presence of His Highness Sheikh Ahmed bin Saeed Al Maktoum, Chairman of the Dubai Supreme Council of Energy, Chairman of Dubai Airports, and Chief Executive, Emirates Airline and Group, and His Excellency Saeed Mohammed Al Tayer, Vice Chairman of the Dubai Supreme Council of Energy, Managing Director and CEO of Dubai Electricity and Water Authority (DEWA), Dubai Airports announced a landmark collaboration with Etihad Clean Energy Development Company, a wholly-owned subsidiary of DEWA, to launch the world’s largest rooftop solar panel installation project at an airport.
To solidify this ambitious initiative, Dubai Airports and Etihad Energy Services Company formalised an agreement during the prestigious World Green Economy Summit organised by the Dubai Supreme Council of Energy, Dubai Electricity and Water Authority, and the World Green Economy Organization. The event, held under the patronage of His Highness Sheikh Mohammed bin Rashid Al Maktoum, Vice President and Prime Minister of the UAE and Ruler of Dubai, took place at the Dubai World Trade Centre from 2 to 3 October 2024.
The agreement was signed by Paul Griffiths, CEO of Dubai Airports and Dr. Waleed Alnuaimi, CEO of Etihad ESCO.
His Excellency Saeed Mohammed Al Tayer said: “This initiative aligns with His Highness Sheikh Mohammed bin Rashid Al Maktoum’s vision to establish Dubai as one of the most sustainable cities in the world. While our roadmap outlines clear targets of achieving 25% of the energy mix from clean energy sources by 2030, and 100% by 2050, we are proactively accelerating our efforts. We anticipate surpassing these goals, potentially reaching 27% clean energy capacity as early as 2030, which would enable us to achieve our 2050 vision ahead of schedule. Undoubtedly, innovation and cutting-edge technologies are instrumental in expediting our progress towards a greener future.”
This phased project, with a total of 39 MWp of clean energy capacity and full operation expected by 2026, involves the installation of 62,904 solar panels across Dubai International (DXB) and Dubai World Central – Al Maktoum International (DWC) airports, set to generate 60,346 MWh annually. It marks a significant stride toward decarbonising airport operations.
The solar panels, which will span passenger terminals and concourses across both airports, are expected to offset 23,000 tonnes of CO2 annually — equivalent to taking 5,000 cars off the road or powering 3,000 homes for a year. The energy generated will meet 6.5% of DXB’s power needs and 20% of DWC’s, reinforcing Dubai Airports’ long-term vision for cleaner, smarter, and more sustainable operations.
Sharing his insights on the initiative, Paul Griffiths, CEO of Dubai Airports said, “Airports are significant energy consumers, but with that comes tremendous opportunity and responsibility to drive real change. For us, this is not just about installing solar panels; it’s about embedding sustainability into the core of everything we do. Every kilowatt we generate from renewable sources brings us closer to shrinking our carbon footprint and future-proofing our operations. This is about setting the standard and leading the way for what a truly sustainable airport can achieve.”
Dr. Waleed Alnuaimi, CEO of Etihad ESCO, remarked, “Our longstanding partnership with Dubai Airports plays a pivotal role in our strategy to accelerate Dubai’s sustainability agenda. By broadening the solar footprint and implementing transformative initiatives like Shams Dubai, we are not only reducing energy demand but also driving the adoption of sustainable energy solutions across the emirate. This project, and others like it, demonstrates our commitment to building an integrated ecosystem that aligns with Dubai’s vision for a greener, more energy-efficient future.”
This solar initiative complements a series of ongoing environmental sustainability efforts by Dubai Airports, from strategic partnerships in the aviation sector to collaborative efforts within the oneDXB community, which includes airlines, service providers, and regulatory authorities managing the airport’s critical touchpoints. Whether it’s retrofitting hundreds of thousands of LED lights, optimising cooling systems, switching to biodiesel-powered ground vehicles, or cutting food waste to landfill, Dubai Airports is committed to making measurable, impactful changes — one step at a time.
The project builds on the successful installation of solar panels at DXB’s Terminal 2 and Concourse D, where solar power is already playing a vital role in reducing energy consumption and lowering emissions. While ambition and innovation drive progress, the key to achieving sustainable transformation lies in collaboration, foresight, and consistent action. Dubai Airports is focused on ensuring these values guide every initiative, aligning with Dubai’s and the UAE’s broader environmental objectives to create a better tomorrow, together.