{ "id": "e8c32239-f340-49ba-b147-3df4597508b2", "created_at": "2026-04-06T00:22:09.882406Z", "updated_at": "2026-04-10T13:12:53.051734Z", "deleted_at": null, "sha1_hash": "ee0ebdae05ce6f4d923822d2a4fabda7fc983a2f", "title": "Kaspersky Lab and Seculert Announce ‘Madi,’ a Newly Discovered Cyber-Espionage Campaign in the Middle East", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 39288, "plain_text": "Kaspersky Lab and Seculert Announce ‘Madi,\r\n’ a Newly Discovered\r\nCyber-Espionage Campaign in the Middle East\r\nBy Kaspersky\r\nPublished: 2012-07-18 · Archived: 2026-04-05 15:31:17 UTC\r\nToday, Kaspersky Lab researchers announced the results of a joint-investigation with Seculert, an\r\nAdvanced Threat Detection company, regarding “Madi,” an active cyber-espionage campaign targeting\r\nvictims in the Middle East\r\nToday, Kaspersky Lab researchers announced the results of a joint-investigation with Seculert, an Advanced\r\nThreat Detection company, regarding “Madi,” an active cyber-espionage campaign targeting victims in the Middle\r\nEast. Originally discovered by Seculert, Madi is a computer network infiltration campaign that involves a\r\nmalicious Trojan which is delivered via social engineering schemes to carefully selected targets.\r\nKaspersky Lab and Seculert worked together to sinkhole the Madi Command \u0026 Control (C\u0026C) servers to monitor\r\nthe campaign. Kaspersky Lab and Seculert identified more than 800 victims located in Iran, Israel and select\r\ncountries across the globe connecting to the C\u0026Cs over the past eight months.  Statistics from the sinkhole\r\nrevealed that the victims were primarily business people working on Iranian and Israeli critical infrastructure\r\nprojects, Israeli financial institutions, Middle Eastern engineering students, and various government agencies\r\ncommunicating in the Middle East.\r\nIn addition, examination of the malware identified an unusual amount of religious and political ‘distraction’\r\ndocuments and images that were dropped when the initial infection occurred.\r\n“While the malware and infrastructure is very basic compared to other similar projects, the Madi attackers have\r\nbeen able to conduct a sustained surveillance operation against high-profile victims,” said Nicolas Brulez, Senior\r\nMalware Researcher, Kaspersky Lab. “Perhaps the amateurish and rudimentary approach helped the operation fly\r\nunder the radar and evade detection.”\r\n“Interestingly, our joint analysis uncovered a lot of Persian strings littered throughout the malware and the C\u0026C\r\ntools, which is unusual to see in malicious code. The attackers were no doubt fluent in this language,” said Aviv\r\nRaff, Chief Technology Officer, Seculert.\r\nThe Madi info-stealing Trojan enables remote attackers to steal sensitive files from infected Windows computers,\r\nmonitor sensitive communications such as email and instant messages, record audio, log keystrokes, and take\r\nscreenshots of victims’ activities. Data analysis suggests that multiple gigabytes of data have been uploaded from\r\nvictims’ computers.\r\nCommon applications and websites that were spied on include accounts on Gmail, Hotmail, Yahoo! Mail, ICQ,\r\nSkype, Google+, and Facebook. Surveillance is also performed over integrated ERP/CRM systems, business\r\ncontracts, and financial management systems.\r\nhttps://www.kaspersky.com/about/press-releases/2012_kaspersky-lab-and-seculert-announce--madi--a-newly-discovered-cyber-espionage-campaign-in-the-middle-east\r\nPage 1 of 2\n\nKaspersky Lab’s Anti-Virus system detects the Madi malware variants along with its associated droppers and\r\nmodules, classified as Trojan.Win32.Madi.\r\nTo read the full research post by Kaspersky Lab’s experts please visit Securelist.\r\nTo read Seculert’s research about the Madi campaign please visit the Seculert Blog.\r\nSource: https://www.kaspersky.com/about/press-releases/2012_kaspersky-lab-and-seculert-announce--madi--a-newly-discovered-cyber-espion\r\nage-campaign-in-the-middle-east\r\nhttps://www.kaspersky.com/about/press-releases/2012_kaspersky-lab-and-seculert-announce--madi--a-newly-discovered-cyber-espionage-campaign-in-the-middle-east\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "Malpedia", "MISPGALAXY" ], "origins": [ "web" ], "references": [ "https://www.kaspersky.com/about/press-releases/2012_kaspersky-lab-and-seculert-announce--madi--a-newly-discovered-cyber-espionage-campaign-in-the-middle-east" ], "report_names": [ "2012_kaspersky-lab-and-seculert-announce--madi--a-newly-discovered-cyber-espionage-campaign-in-the-middle-east" ], "threat_actors": [ { "id": "322a0ef1-136b-400e-89d0-0d62ee2bd319", "created_at": "2023-01-06T13:46:38.662109Z", "updated_at": "2026-04-10T02:00:03.05924Z", "deleted_at": null, "main_name": "Madi", "aliases": [], "source_name": "MISPGALAXY:Madi", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "b07fec96-80cd-4d92-aa52-a26a0b25b7c2", "created_at": "2022-10-25T16:07:23.826594Z", "updated_at": "2026-04-10T02:00:04.760416Z", "deleted_at": null, "main_name": "Madi", "aliases": [ "Mahdi" ], "source_name": "ETDA:Madi", "tools": [ "Madi" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434929, "ts_updated_at": 1775826773, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/ee0ebdae05ce6f4d923822d2a4fabda7fc983a2f.pdf", "text": "https://archive.orkl.eu/ee0ebdae05ce6f4d923822d2a4fabda7fc983a2f.txt", "img": "https://archive.orkl.eu/ee0ebdae05ce6f4d923822d2a4fabda7fc983a2f.jpg" } }