Security researchers with Symantec have been tracking a cyber campaign targeting IT providers in Saudi Arabia and other countries in the Middle East. The firm attributes the campaign to Tortoiseshell Group, a previously undocumented threat actor that has been active since at least July of 2018.
Tortoiseshell Group has infiltrated the networks of a minimum of 11 organizations using both custom and known malware. The group was most recently active in July of this year. Symantec believes the attackers ultimately aim to target the customers of IT companies, which means that the campaigns are supply-chain attacks.
Read more: New Attack Group Targets Saudi IT Providers