UnsolicitedBooker targets Central Asian telecoms with LuciDoor and MarsSnake backdoors
Summary
The China-aligned threat actor UnsolicitedBooker has expanded its operations to target telecommunications companies in Kyrgyzstan and Tajikistan, deploying two distinct backdoors, LuciDoor and MarsSnake. The group, previously known for targeting Saudi Arabian entities, has been active since at least March 2023 and has a history of targeting organizations in Asia, Africa, and the Middle East. The latest attacks involve phishing emails with malicious Office documents that drop C++ malware loaders, which then deliver the backdoors. These backdoors establish C2 communication, collect system information, and exfiltrate data. The group has also been linked to tactical overlaps with other clusters, including Space Pirates and an unattributed campaign targeting Saudi Arabia with the Zardoor backdoor.
Timeline
- 24.02.2026 11:54 · 1 article
UnsolicitedBooker targets Central Asian telecoms with LuciDoor and MarsSnake backdoors
UnsolicitedBooker has expanded its operations to target telecommunications companies in Kyrgyzstan and Tajikistan, deploying two distinct backdoors, LuciDoor and MarsSnake. The group, previously known for targeting Saudi Arabian entities, has been active since at least March 2023 and has a history of targeting organizations in Asia, Africa, and the Middle East. The latest attacks involve phishing emails with malicious Office documents that drop C++ malware loaders, which then deliver the backdoors. These backdoors establish C2 communication, collect system information, and exfiltrate data.
Sources:
- UnsolicitedBooker Targets Central Asian Telecoms With LuciDoor and MarsSnake Backdoors — thehackernews.com — 24.02.2026 11:54
Information Snippets
- UnsolicitedBooker has targeted telecommunications companies in Kyrgyzstan and Tajikistan with LuciDoor and MarsSnake backdoors.
First reported: 24.02.2026 11:54 · 1 source, 1 article
Sources:
- UnsolicitedBooker Targets Central Asian Telecoms With LuciDoor and MarsSnake Backdoors — thehackernews.com — 24.02.2026 11:54
- The group was first documented by ESET in May 2025, targeting an unnamed international organization in Saudi Arabia with the MarsSnake backdoor.
First reported: 24.02.2026 11:54 · 1 source, 1 article
Sources:
- UnsolicitedBooker Targets Central Asian Telecoms With LuciDoor and MarsSnake Backdoors — thehackernews.com — 24.02.2026 11:54
- The attacks involve phishing emails with malicious Office documents that drop C++ malware loaders, which then deliver the backdoors.
First reported: 24.02.2026 11:54 · 1 source, 1 article
Sources:
- UnsolicitedBooker Targets Central Asian Telecoms With LuciDoor and MarsSnake Backdoors — thehackernews.com — 24.02.2026 11:54
- LuciDoor and MarsSnake establish C2 communication, collect system information, and exfiltrate data.
First reported: 24.02.2026 11:54 · 1 source, 1 article
Sources:
- UnsolicitedBooker Targets Central Asian Telecoms With LuciDoor and MarsSnake Backdoors — thehackernews.com — 24.02.2026 11:54
- The group has been linked to tactical overlaps with Space Pirates and an unattributed campaign targeting Saudi Arabia with the Zardoor backdoor.
First reported: 24.02.2026 11:54 · 1 source, 1 article
Sources:
- UnsolicitedBooker Targets Central Asian Telecoms With LuciDoor and MarsSnake Backdoors — thehackernews.com — 24.02.2026 11:54