Hackers Targeting Turkey & Syria With Spyware

Uploaded on 2020-07-20 in FREE TO VIEW, GOVERNMENT-National, INTELLIGENCE--International

Cyber security analysts have found evidence of watering hole attacks against the Kurdish community in Syria and Turkey for surveillance and intelligence exfiltration purposes. A  sophisticated threat called StrongPity, has reconfigured with new tactics to control compromised machines. 

Bitdefender researchers have recently found the APT group StrongPity has been targeting victims in Turkey and Syria.

Using watering hole tactics to selectively infect victims and deploying a three-tier C&C infrastructure to thwart forensic investigations, the APT group has leveraged Trojanized popular tools, such as archivers, file recovery applications, remote connections applications, utilities, and even security software, to cover a wide range of options that targeted victims might be seeking.

The data gathered while investigating this group suggests the attackers are interested especially in the Kurdish community, placing the threat in the geo-political context of the constant conflicts in the region.

StrongPity was first publicly reported on in 2016 after attacks against users in Belgium and Italy that used watering holes to deliver malicious versions of WinRAR and TrueCrypt file encryption software. Since then, the APT has been linked to an attack in 2018 that rearranged Türk Telekom's network to redirect hundreds of users in Turkey and Syria to malicious StrongPity versions of authentic software.

Although Syria and Turkey may be their recurring targets, the threat actor behind StrongPity appears to be expanding their victimology to infect users in Colombia, India, Canada, and Vietnam using tainted versions of Firefox, VPNpro, DriverPack, and 5kPlayer. This has been described as an evolving malware that employs a module called "winprint32.exe" to launch the document search and transmit the collected files. What's more, the fake Firefox installer also checks if either ESET or BitDefender antivirus software is installed before dropping the malware.

Once the victim is compromised, components pertaining to persistency, command and control communication, and file searching are deployed on the victim’s machine. Based on instructions, the exfiltration component runs a file searching mechanism responsible for looping through drives looking for files with specific extensions.

If found, they are placed in a temporary zip archive. They will be split into hidden .sft encrypted files, sent to the C&C server, and ultimately deleted from the disk to cover any tracks of the exfiltration.

BitDefender:      AlienVault:       Hacker News:       

You Might Also Read:

Turkey Using German Spy Software On Opposition Politicians & Activists:

 

« Security Risks of Contactless Payment
Blockchain - A Simple Idea With Complications »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

MetaCompliance

MetaCompliance

MetaCompliance is a cyber security and compliance organisation that helps transform your company culture and safeguard your data and values.

Cyber Conflict Studies Association (CCSA)

Cyber Conflict Studies Association (CCSA)

Cyber Conflict Studies Association (CCSA) is a non-profit organization dedicated to leading a diversified research agenda in the field of cyber conflict.

Davis Wright Tremaine (DWT)

Davis Wright Tremaine (DWT)

Davis Wright Tremaine is a full-service law firm with offices throughout the US and in Shanghai, China. Practice areas include Technology, Privacy & Security.

Eden Legal

Eden Legal

Eden Legal provides legal services on commercial and regulatory issues affecting digital businesses.

Technology Association of Georgia (TAG)

Technology Association of Georgia (TAG)

TAG's mission is to educate, promote, influence and unite Georgia's technology community to stimulate and enhance Georgia's tech-based economy.

GreatHorn

GreatHorn

GreatHorn offers the only cloud-native security platform that stops targeted social engineering and phishing attacks on communication tools like O365, G Suite, and Slack.

Zighra

Zighra

Zighra is a leading provider of On-Device AI solutions for continuous authentication and fraud detection on mobile and web applications.

972VC

972VC

972VC was created to help entrepreneurs find potential funding for their startups. Your guide to the Israeli startup funding ecosystem.

HMS Networks

HMS Networks

HMS stands for Hardware meets Software. Our technology enables industrial hardware to communicate and share information with software and systems.

NWN Carousel

NWN Carousel

NWN Carousel delivers AI-powered technology solutions for the modern workplace. From unified communications and intelligent infrastructure to robust cybersecurity.

ISSQUARED

ISSQUARED

ISSQUARED is a leading provider of Cyber Security, Cloud, Infrastructure, Consulting and Digital Transformation services.

Carahsoft Technology Corp

Carahsoft Technology Corp

Carahsoft Technology is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets.

Sequentur

Sequentur

Sequentur is an award-winning Managed IT Services company. We are SOC 2 certified and provide Managed IT Services and Cybersecurity services to businesses nationwide.

Lighthouse IT

Lighthouse IT

At Lighthouse IT, we are focused on delivering seamless and reliable services to unlock the value of technology for your business.

DACTA Global

DACTA Global

DACTA was established with the aim of simplifying the perception of complexity surrounding digital security challenges and solutions.

Forthright Technology Partners

Forthright Technology Partners

Forthright Technology Partners (Forthright) is a next-generation cloud and managed IT services provider serving a global clientele.