A backdoor malware campaign dubbed OilRig that in May was discovered targeting organisations in Saudi Arabia is now trying to drill into government entities in Turkey, Israel and the US, as well as Qatari companies and organisations.

Palo Alto Networks Unit 42 threat research team updated the campaign's latest spear-phishing efforts in a blog post on Tuesday, warning that the campaign has updated its “Helminth” backdoor software as well as the malicious Excel documents that distribute the malware via macros.

According to the blog post, the phishing emails targeting Qatari organisations “were very specific to the organisation receiving them and in some cases were sent from partner organisations that already had a relationship with the recipient.”

Changes to malware over the last five months include the emergence of four distinct variants, each of which drops different filenames upon execution, Palo Alto continued in its report.