Malware being distributed through spear phishing campaign

Government computer systems in Saudi Arabia are being subject to an “advanced” cyber-attack that utilizes PowerShell-based malware, security experts have warned.

According to Saudi Arabia’s National Cyber Security Center (NCSC), threat actors are distributing malware through an ongoing spear phishing campaign, where emails have been found to contain rigged Microsoft Office files.

While the NCSC did not provide any details regarding the government departments being targeted, it said the PowerShell-based malware utilizes HTTP tunneling to communicate with command and control domains.

“Most of the samples observed were Microsoft Office files containing a macro or a linked object that was delivered through spear phishing emails,” the NCSC said in an alert this week.

“Additionally, the malicious documents are sometimes compressed in a password protected RAR file to avoid mail protection mechanisms. The password is usually included in the email body.”