"Large amounts of data collection reveal the focus of the campaign on Middle Eastern critical infrastructure engineering firms, government agencies, financial houses, and academia," the Kaspersky researchers said. "Individuals within this victim pool and their communications were selected for increased monitoring over extended periods of time."

The Mahdi malware is distributed via rogue emails that use basic social engineering techniques to trick recipients into opening specially crafted PowerPoint files.

The malware installer is embedded inside these files and gets executed if users agree to a PowerPoint security warning alerting them about the security risks associated with loading inserted objects.

It's not clear if this is a state-sponsored attack, Seculert's chief technology officer Aviv Raff said Tuesday via email. The Mahdi malware is not among the most complex cyberespionage threats ever found and, in fact, appears to have been written in a rush, he said.

However, "the targeted entities are spread within the members of the attack group, which might suggest that this attack requires large investment or financial backing," Raff said.