Siesta

Siesta is a cyber espionage campaign which affects many organizations of multiple industries. The delivered malware threat is dubbed Siesta on account of periods of dormancy to access at regular intervals with email messages attacking executives of the company. The sender's email address is spoofed to occur as if it was sent by another employee of the company. The unsolicited emails did not encompass a malware infection, but they include links which direct to a download website. The website involving the malware threat is named [malicious domain]/ [organization name]/[legitimate archive name].zip. The archive encompasses an executable file which when first looked upon seems to be a safe PDF document but when run, a genuine PDF file which may have been taken from the attacked company's website and a harmful component is downloaded. The malware threat, known as Siesta, surreptitiously accesses the computer when the target PC user is looking at the PDF document and starts communicating with a command and control server from which it receives instructions like 'sleep' and 'download'. The sleep command instructs the malware infection to stay idle for given number of minutes before resuming its actions and the download command instructs the malware threat to drop and run an additional harmful component. In fact, the name Siesta campaign depends on the use of sleep command. 'Siesta' means 'nap' in Spanish.