Camel-ouflage: UNK_CraftyCamel’s Sneaky Cyber Espionage in UAE Unveiled!

Proofpoint warns that UNK_CraftyCamel, an Iranian actor, has targeted UAE sectors with a sneaky polyglot file trick. The campaign uses a new backdoor called Sosano, which naps before it acts—proving even malware needs a break. The attack likely aligns with IRGC interests. Watch out, UAE: the camel’s gone crafty!

Hot Take:

It seems the “Crafty Camel” has galloped out of nowhere, bringing a hump of trouble to the UAE. Just when you thought camels were only for desert rides, this one’s packing polyglot files and backdoors. Who knew cyber-espionage could have a camel motif? Watch out, this one’s got humps of stealthy tricks up its sleeve.

Key Points:

– UNK_CraftyCamel is a newly tracked Iranian threat actor targeting UAE organizations.
– The campaign uses polyglot files to disguise malicious payloads, which is a unique espionage technique.
– The backdoor, dubbed Sosano, is written in Golang and can execute various commands.
– Sosano attempts to contact a command-and-control server to receive further instructions.
– The campaign’s tactics align with known Iranian threat actors, potentially linked to IRGC.

The Nimble Nerd