December 7, 2015
Two teams of Iran-based attackers have been using back door threats to conduct targeted surveillance of domestic and international targets. While the groups are heavily targeting individuals located in Iran, they’ve also compromised airlines and telecom providers in the Middle East region, possibly in an attempt to monitor targets’ movements and communications.
The attackers are part of two separate groups that have a shared interest in targets. One group, which we call Cadelle, usesBackdoor.Cadelspy, while the other, which we’ve named Chafer, uses Backdoor.Remexi and Backdoor.Remexi.B. These threats are capable of opening a back door and stealing information from victims’ computers.