Chinese advanced persistent threat group UnsolicitedBooker which overlaps with the Space Pirates and the still-unnamed Zardoor backdoor-using hacking operation has launched an attack with the new MarsSnake backdoor against an international organization based in Saudi Arabia, according to Security Affairs.
Malicious spear-phishing emails with bogus flight tickets have been leveraged by UnsolicitedBooker in the January intrusion against the Saudi Arabian organization, which had been subjected to an attack by the group months earlier that involved the same lures deploying the MarsSnake backdoor loader, a report from ESET showed. "The multiple attempts at compromising this organization in 2023, 2024, and 2025 indicate a strong interest by UnsolicitedBooker in this specific target," said ESET researchers. Aside from MarsSnake, UnsolicitedBooker which primarily compromises Asian, African, and Middle Eastern government entities was also found to have other Chinese-linked backdoors, such as the DeedRAT, Chinoxy, BeRAT, and Poison Ivy payloads as part of its attack arsenal.
Malicious spear-phishing emails with bogus flight tickets have been leveraged by UnsolicitedBooker in the January intrusion against the Saudi Arabian organization, which had been subjected to an attack by the group months earlier that involved the same lures deploying the MarsSnake backdoor loader, a report from ESET showed. "The multiple attempts at compromising this organization in 2023, 2024, and 2025 indicate a strong interest by UnsolicitedBooker in this specific target," said ESET researchers. Aside from MarsSnake, UnsolicitedBooker which primarily compromises Asian, African, and Middle Eastern government entities was also found to have other Chinese-linked backdoors, such as the DeedRAT, Chinoxy, BeRAT, and Poison Ivy payloads as part of its attack arsenal.
