The APT group known as StrongPity is back with a new watering-hole campaign, targeting mainly Kurdish victims in Turkey and Syria. The malware served offers operators the ability to search for and exfiltrate any file or document from a victim’s machine. The group (a.k.a. Promethium) is operating a series of bogus websites purporting to offer a range of popular software utilities. The tools on offer are trojanized versions of archivers, file-recovery applications, remote-connection applications, security software and more. These include 7-zip, WinRAR archiver, McAfee Security Scan Plus, Recuva, TeamViewer, WhatsApp, Piriform CCleaner, CleverFiles Disk Drill, DAEMON Tools Lite, Glary Utilities and RAR Password Unlocker. The sheer variety of the trojanized applications on offer in the latest campaign is a method aimed at casting a wide net in terms of victims’ interests, according to researchers at Bitdefender in a report released Tuesday. That’s not to say however that the attacks are devoid of targeting. The effort selectively targets victims using pre-defined IP list, researchers said; if the victim’s IP address matches one found in the installer’s configuration file, the attackers can deliver a tainted version of the trojanized application. Otherwise, they deliver a legitimate version. The IPs on the list appear to correspond to Kurdish targets, according to the research. And as with previous StrongPity campaigns, the malware, once installed, has an “exfiltration…
0 0 govanguard https://govanguard.com/wp-content/uploads/2018/04/Header_Logo.png govanguard2020-06-30 13:45:002020-06-30 13:45:00StrongPity APT Back with Kurdish-Aimed Watering Hole Attacks
Our Standard Office Hours
Monday – Friday: 8:00AM – 5:00PM EDT
Saturday – Sunday: Closed
Where to Find Us
Data Privacy Notice
- – All product names, logos, and brands are property of their respective owners.
- – The use of these names, logos, and brands is for identification purposes only and does not imply endorsement.
- – Content syndication and aggregation of public information is solely for the purpose of identifying information security trends, all syndicated content contains source links to the content creator website. All content is owned by it’s respective content creators.
- – If you are an owner of some content and want it to be removed, please email email@example.com