New backdoor used in long-term cyber espionage operation targeting an Islamic organization

released on 2024-02-08 @ 03:39:51 PM
Cisco Talos discovered an ongoing espionage campaign that targets an Islamic charitable organization in Saudi Arabia and uses a new backdoor malware family named Zardoor. The threat actor has likely been active since at least March 2021 and uses customized reverse proxy tools like Fast Reverse Proxy, sSocks, and Venom to establish command and control. The attacker spreads tools like Zardoor through Windows Management Instrumentation and maintains persistence with scheduled tasks. Talos assesses this is an advanced threat actor based on their ability to create new malware, customize open-source tools, and use living-off-the-land techniques to remain undetected.