Polyglot files used to spread new backdoor | CSO Online

A threat actor is using polyglot files in a spear-phishing campaign targeting critical infrastructure firms in the UAE, particularly in the aviation, satellite communications, and transportation sectors. The campaign, which leverages a compromised Indian electronics company’s email account, employs sophisticated tactics including polyglot files and a new backdoor called Sosano. CISOs are advised to be vigilant, as this tactic and backdoor may spread to other regions.