New EAGERBEE Variant Targets ISPs and Governments with Advanced Backdoor Capabilities

Summary: An updated variant of the EAGERBEE malware framework has been targeting ISPs and governmental entities in the Middle East, showcasing advanced capabilities for system manipulation and remote access. This malware has been linked to various threat actors, including CoughingDown and Cluster Alpha, indicating a complex landscape of cyber espionage.

Threat Actor: CoughingDown
Victim: ISPs and governmental entities

Key Points:

  • The EAGERBEE malware framework has evolved to include various plugins for enhanced functionality.
  • It operates primarily in memory, making it difficult for traditional security solutions to detect.
  • Recent attacks have exploited vulnerabilities like ProxyLogon to facilitate backdoor deployment.
  • The malware is capable of executing commands, managing processes, and exfiltrating sensitive information.
  • It has been associated with multiple threat clusters, indicating a broader cyber espionage effort.

Source: https://thehackernews.com/2025/01/new-eagerbee-variant-targets-isps-and.html