A wave of targeted cyberattack campaigns bent on espionage is cresting around the globe, using a strain of a 13-year old backdoor trojan named Bandook.
According to Check Point Research, Bandook was last spotted being used in 2015 and 2017/2018, in the “Operation Manul” and “Dark Caracal” campaigns, respectively. The malware then all but disappeared from the threat landscape – but it’s now having a resurgence.
According to the firm, dozens of digitally signed variants of this commodity malware are popping up in an unusually large variety of sectors and locations. Targeted entities include those in the government, financial, energy, food industry, healthcare, education, IT and legal sectors. And, they have been located in Chile, Cyprus, Germany, Indonesia, Italy, Singapore, Switzerland, Turkey and the U.S.