Advanced StrongPity Hackers Target Syria and Turkey with Retooled Spyware

June 30, 2020
in Internet Privacy
Cybersecurity researchers today uncovered new details of watering hole attacks against the Kurdish community in Syria and Turkey for surveillance and intelligence exfiltration purposes.

The advanced persistent threat behind the operation, called StrongPity, has retooled with new tactics to control compromised machines, cybersecurity firm Bitdefender said in a report shared with The Hacker News.

“Using watering hole tactics to selectively infect victims and deploying a three-tier C&C infrastructure to thwart forensic investigations, the APT group leveraged Trojanized popular tools, such as archivers, file recovery applications, remote connections applications, utilities, and even security software, to cover a wide range of options that targeted victims might be seeking,” the researchers said.

With the timestamps of the analyzed malware samples used in the campaign coinciding with the Turkish offensive into north-eastern Syria (codenamed Operation Peace Spring) last October, Bitdefender said the attacks could have been politically motivated.

Using Tainted Installers to Drop Malware

StrongPity (or Promethium) was first publicly reported on in October 2016 after attacks against users in Belgium and Italy that used watering holes to deliver malicious versions of WinRAR and TrueCrypt file encryption software.

Since then, the APT has been linked to a 2018 operation that abused Türk Telekom’s network to redirect hundreds of users in Turkey and Syria to malicious StrongPity versions of authentic software.

Thus, when targeted users attempt to download a legitimate application from its official website, a watering hole attack or an HTTP redirect serves them a tampered copy instead, compromising their systems.

Last July, AT&T Alien Labs found evidence of a fresh spyware campaign that exploited trojanized versions of WinBox router management software and WinRAR file archiver to install StrongPity and communicate with the adversary infrastructure.

The delivery method Bitdefender identified in the new campaign is unchanged: victims in Turkey and Syria are selected using a predefined IP list and served tampered installers — including McAfee Security Scan Plus, Recuva, TeamViewer, WhatsApp, and Piriform’s CCleaner — hosted on localized software aggregators and file-sharing sites.
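The defensive check a practitioner wants against this delivery chain is to verify an installer against a digest published by the vendor over a channel the download path cannot influence (the vendor's own HTTPS release page or signed release notes), because a watering hole or HTTP redirect can silently swap the file you receive. The following Python is an added example, not code from the article, from Bitdefender, or from any of the vendors named; the manifest, file names and file contents are constructed for the demonstration, and the `sha256sum`-style manifest format is an assumption about how the vendor publishes its digests.

```python
"""Verify a downloaded installer against a vendor-published SHA-256 manifest.

Added example for this article. The manifest below is constructed: the digest
listed is SHA-256 of the five bytes b"hello", which stands in for the genuine
installer's contents. A tampered copy with different bytes must be rejected.
"""
import hashlib
import hmac
import os
import tempfile

# Constructed manifest in the common `sha256sum` format: "<hex digest>  <filename>".
MANIFEST_TEXT = """\
# example-vendor release 1.2.3 (constructed for the demo)
2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824  example-setup.exe
"""


def parse_manifest(text):
    """Return {filename: hex_digest}; comment and blank lines are skipped."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition("  ")
        name = name.lstrip("*")  # sha256sum marks binary mode with a leading '*'
        digest = digest.lower()
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
            raise ValueError(f"malformed digest for {name!r}")
        expected[name] = digest
    return expected


def sha256_of_file(path, chunk_size=1 << 20):
    """Stream the file so large installers do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_installer(path, expected):
    """Return (ok, reason). A file not listed in the manifest is treated as untrusted."""
    name = os.path.basename(path)
    if name not in expected:
        return False, "not listed in manifest"
    actual = sha256_of_file(path)
    if not hmac.compare_digest(actual, expected[name]):
        return False, f"digest mismatch: got {actual}"
    return True, "ok"


def demo():
    """Constructed scenario: the genuine installer beside a copy swapped in transit."""
    expected = parse_manifest(MANIFEST_TEXT)
    with tempfile.TemporaryDirectory() as root:
        genuine_dir = os.path.join(root, "from-vendor")
        tampered_dir = os.path.join(root, "from-mirror")
        os.makedirs(genuine_dir)
        os.makedirs(tampered_dir)
        genuine = os.path.join(genuine_dir, "example-setup.exe")
        tampered = os.path.join(tampered_dir, "example-setup.exe")
        with open(genuine, "wb") as f:
            f.write(b"hello")        # bytes whose SHA-256 the manifest lists
        with open(tampered, "wb") as f:
            f.write(b"hello!")       # one extra byte, as a trojanized build would differ
        return {
            "genuine": verify_installer(genuine, expected),
            "tampered": verify_installer(tampered, expected),
        }


if __name__ == "__main__":
    for label, (ok, reason) in demo().items():
        print(f"{label}: {'PASS' if ok else 'FAIL'} ({reason})")
```

The comparison uses `hmac.compare_digest` so the check is constant-time, and an installer absent from the manifest fails closed rather than being waved through.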

“Interestingly, all files investigated pertaining to the tainted applications appear to have been compiled from Monday to Friday, during normal 9 to 6 UTC+2 working hours,” the researchers said. “This strengthens the idea that StrongPity could be a sponsored and organized developer team paid to deliver certain ‘projects.’”

Once the malware dropper is downloaded and executed, the backdoor is installed, which establishes communication with a command and control server for document exfiltration and for retrieving commands to be executed.

It also deploys a “File Searcher” component on the victim’s machine that loops through every drive and looks for files with specific extensions (e.g., Microsoft Office documents) to be exfiltrated in the form of a ZIP archive.

This ZIP file is then split into multiple hidden “.sft” encrypted files, sent to the C&C server, and ultimately deleted from the disk to cover any tracks of the exfiltration.
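The staging behaviour described above leaves a recognisable on-disk pattern while it is in progress: a cluster of hidden files sharing the `.sft` extension in one directory. The Python below is an added example written for this article, not code from Bitdefender or from the article itself; it walks a directory tree, flags files that are hidden (a leading dot, or on Windows the `FILE_ATTRIBUTE_HIDDEN` bit) and carry a suspect extension, and groups the hits per directory so a split archive stands out as a cluster. The sample tree is constructed in a temporary folder.

```python
"""Hunt for hidden `.sft` staging files of the kind described in the article.

Added example, not part of the original report. A file counts as hidden when its
name begins with '.' or, on Windows, when FILE_ATTRIBUTE_HIDDEN is set on it.
The directory layout used in demo() is constructed for the demonstration.
"""
import os
import stat
import tempfile

SUSPECT_EXTENSIONS = {".sft"}   # extension named in the article; extend as needed


def is_hidden(path):
    """Dot-prefixed names on any OS; the hidden attribute bit on Windows (absent elsewhere)."""
    if os.path.basename(path).startswith("."):
        return True
    attrs = getattr(os.stat(path), "st_file_attributes", 0)        # Windows only
    return bool(attrs & getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0))


def find_staging_files(root):
    """Return [(path, size_in_bytes)] for hidden files with a suspect extension."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for fname in filenames:
            full = os.path.join(dirpath, fname)
            ext = os.path.splitext(fname)[1].lower()
            if ext in SUSPECT_EXTENSIONS and is_hidden(full):
                hits.append((full, os.path.getsize(full)))
    return hits


def summarize(hits, root):
    """Group hits by directory relative to root: {dir: (file_count, total_bytes)}.

    One ZIP split into chunks shows up as several similar-sized files in one place,
    which is a stronger signal than any single file.
    """
    summary = {}
    for path, size in hits:
        rel_dir = os.path.relpath(os.path.dirname(path), root)
        count, total = summary.get(rel_dir, (0, 0))
        summary[rel_dir] = (count + 1, total + size)
    return summary


def demo():
    """Constructed tree: two hidden chunks plus decoys that must not be reported."""
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "Documents")
        os.makedirs(docs)
        samples = {
            os.path.join(docs, ".chunk001.sft"): b"\x00" * 64,  # hidden staging chunk
            os.path.join(docs, ".chunk002.sft"): b"\x00" * 64,  # hidden staging chunk
            os.path.join(docs, "report.docx"): b"legit",        # ordinary user document
            os.path.join(docs, ".notes.txt"): b"x",             # hidden, but wrong extension
            os.path.join(root, "notes.sft"): b"y",              # right extension, not hidden
        }
        for path, content in samples.items():
            with open(path, "wb") as f:
                f.write(content)
        return summarize(find_staging_files(root), root)


if __name__ == "__main__":
    for directory, (count, total) in demo().items():
        print(f"{directory}: {count} hidden .sft file(s), {total} bytes")
```

Run against a real volume, pass the drive root to `find_staging_files`; the per-directory summary is what to alert on, and any directory where the chunks are appearing and disappearing between two scans matches the delete-after-send step the article describes.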

Expanding Beyond Syria and Turkey

Although Syria and Turkey may be their recurring targets, the threat actor behind StrongPity appears to be expanding their victimology to infect users in Colombia, India, Canada, and Vietnam using tainted versions of Firefox, VPNpro, DriverPack, and 5kPlayer.

Calling it StrongPity3, Cisco Talos researchers yesterday described an evolving malware toolkit that employs a module called “winprint32.exe” to launch the document search and transmit the collected files. What’s more, the fake Firefox installer also checks whether either ESET or Bitdefender antivirus software is installed before dropping the malware.

“These characteristics can be interpreted as signs that this threat actor could in fact be part of an enterprise service for hire operation,” the researchers said. “We believe this has the hallmarks of a professionally packaged solution due to the similarity of each piece of malware being extremely similar but used across different targets with minor changes.”


Credit: The Hacker News By: noreply@blogger.com (Ravie Lakshmanan)