Palo Alto Networks researchers have been investigating a Web shell dubbed TwoFace that was used in a recent security incident involving a Middle Eastern organization. They found a larger-than-expected adversary network that included multiple compromised websites, credential harvesting systems, command-and-control servers and post-exploitation tools. The researchers also discovered a significant link between the operators of the TwoFace campaign and those behind OilRig, malware used in a major data theft campaign in Saudi Arabia last year. The findings are important considering the extent to which the Middle East has become a hotbed of threat activity.

