A persistent group of hackers has been hitting Saudi IT providers, Symantec says - CyberScoop

A persistent group of hackers has been hitting Saudi IT providers, Symantec says - CyberScoop: Over the last 14 months, a determined group of hackers has breached IT companies in Saudi Arabia in a likely attempt to gain access to their customers, security researchers said Wednesday. The group, dubbed Tortoiseshell, has struck at least 11 organizations, most of them in Saudi Arabia, since July 2018 and was active as recently as July 2019, according to cybersecurity company Symantec. Targeting Saudi IT providers and collecting data on their networks makes perfect sense for anyone looking for persistent access to those suppliers’ clients. Symantec did not speculate on which organizations the attackers have been targeting further upstream in the supply chain. Nor would the researchers describe the nature of the IT services the hacked organizations provide. Jon DiMaggio, senior threat intelligence analyst for Symantec Security Response, said the IT providers have a “large presence in Saudi Arabia” and have lots of customers. The IT providers “have that trust relationship with these customers,” DiMaggio told CyberScoop. …

explicita