A newly discovered cyberspying campaign targeting petrochemical firms in the Middle East has security researchers baffled over its use of a variant of the old banking Trojan Citadel. IBM researchers recently found evidence of the attacks. Citadel, built for stealing banking credentials, is no longer supported and upgraded by its author. One in 500 machines worldwide is infected with this type of “massively distributed” malware at any time, according to IBM Trusteer’s data. CrowdStrike is seeing Chinese APT groups moving away from using malware in their exfiltration phase.”]