The Siesta campaign started like many other targeted attack campaigns: crafty and under-the-radar.
Just like many campaigns that came before it, Siesta favored the use of spear-phishing emails to get inside a target network. Taking the bait one step further, bogus messages sent by this campaign are custom formatted to match the recipients’ organization names and addresses, so as to make them think that the message came from a legitimate source.
The Siesta campaign got its name from a notable routine it undergoes once it slips past a target network’s defenses and enters a system. Unlike other types of malware used by most targeted attacks, Siesta makes use of the malware TROJ_SLOTH to, as the name suggests, lie low for a bit before connecting to its command-and-control servers.
With a mindset of gaining more to earn more, the campaign’s creators used multicomponent malware to attack multiple industries at once. Because they're known to be sources of lucrative information, institutions that fall under these industries were targeted by the attackers: consumer goods and services, energy, finance, healthcare, media and telecommunications, public administration, security and defense, and transport and traffic. Given these, it won’t be surprising to see retail stores, banks, and government agencies reporting attacks from this targeted campaign yet again.
Like it? Add this infographic to your site: 1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).