A series of highly targeted espionage attacks in North Africa has been linked to a previously undisclosed modular backdoor referred to as “Stealth Soldier.”
Focusing mainly on individuals in Libya, the new campaign is centered on surveillance operations, according to a new advisory published today by Check Point Research (CPR).
In particular, the Stealth Soldier backdoor features file exfiltration, screen and microphone recording, keystroke logging and browser-data theft capabilities.
The CPR team highlighted one significant finding: the infrastructure associated with Stealth Soldier shows similarities with the infrastructure used by a previous campaign known as “Eye on the Nile.”
The latter attacks targeted Egyptian civil society in 2019, but the similarities with Stealth Soldier suggest a possible reappearance of the same threat actor after a long hiatus.
“We’re seeing an increase in the rate of cyber-attacks in North Africa,” commented Sergey Shykevich, threat intelligence group manager at Check Point Software.
“What’s interesting is that this new Stealth Soldier malware represents a re-emergence of a threat actor from 2019 which operated against Egyptian civil society.”
CPR discovered different versions of the backdoor, with the latest being Version 9, likely delivered in February 2023. The oldest version found was Version 6, compiled in October 2022.
The malware’s command-and-control (C&C) servers appear to be connected to a more extensive set of domains, some of which masquerade as websites belonging to the Libyan Ministry of Foreign Affairs, indicating the use of phishing techniques.
The security researchers added that these findings underscore the importance of robust cybersecurity measures to counter targeted espionage attacks, especially in regions where such threats are prevalent.
“The investigation suggests that the attackers behind this campaign are politically motivated and are using the Stealth Soldier malware and a substantial network of phishing domains to conduct surveillance and espionage operations against Libyan and Egyptian targets,” reads the advisory.
“Given the modularity of the malware and the use of multiple stages of infection, it is likely that the attackers will continue to evolve their tactics and techniques and deploy new versions of this malware in the near future.”
The CPR advisory includes Indicators of Compromise (IOCs) that can assist organizations in detecting and countering the Stealth Soldier threat.
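Two of the defensive take-aways above are that the C&C infrastructure hides behind domains imitating a government ministry's websites, and that the advisory's IOCs can be used for detection. The script below is an added example (not code from the CPR advisory or from this article) showing how a defender can run both checks over proxy-log lines: exact matches against an IOC list, plus two lookalike heuristics for domains that imitate a legitimate organisation (a brand token appearing in an unrelated registrable domain, or a registrable label within edit distance 2 of the real one). The legitimate domain, the IOC list and the log lines are all constructed placeholders; the real IOCs would be taken from the CPR advisory.

```python
"""Flag domains in proxy logs that match known IOCs or impersonate a
legitimate organisation's domain.

Added example, not code from the Check Point Research advisory or from
the article. LEGITIMATE_DOMAIN, KNOWN_IOC_DOMAINS and SAMPLE_LOG are
constructed placeholders; populate the IOC set from the advisory in practice.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed placeholder: the genuine site that phishing domains imitate.
LEGITIMATE_DOMAIN = "foreign-ministry.example"

# Constructed placeholder IOCs (not the advisory's real indicators).
KNOWN_IOC_DOMAINS = {
    "update-service.example.net",
    "cdn-sync.example.org",
}

# Tokens a lookalike domain is likely to reuse, derived from the legitimate one.
BRAND_TOKENS = ("foreign-ministry", "foreignministry", "ministry")


@dataclass
class Finding:
    line_no: int
    domain: str
    reason: str


def registrable_part(host: str) -> str:
    """Return the last two labels as a naive eTLD+1 approximation.

    A production deployment should use the Public Suffix List; two labels
    are enough for the constructed hosts in this example.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch near-identical (typosquat) labels."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(host: str) -> Optional[str]:
    """Return a reason string if the host looks suspicious, else None."""
    host = host.lower().rstrip(".")
    if host == LEGITIMATE_DOMAIN or host.endswith("." + LEGITIMATE_DOMAIN):
        return None  # the genuine site and its own subdomains
    reg = registrable_part(host)
    if host in KNOWN_IOC_DOMAINS or reg in KNOWN_IOC_DOMAINS:
        return "known IOC domain"
    legit_reg = registrable_part(LEGITIMATE_DOMAIN)
    legit_label = legit_reg.split(".")[0]
    cand_label = reg.split(".")[0]
    if cand_label != legit_label and edit_distance(cand_label, legit_label) <= 2:
        return f"typosquat of {legit_reg} (edit distance <= 2)"
    if any(tok in host for tok in BRAND_TOKENS):
        return f"brand token of {legit_reg} in unrelated domain"
    return None


# Matches the "host=" field of the constructed proxy-log format used below.
HOST_FIELD = re.compile(r"\bhost=([A-Za-z0-9.-]+)")


def scan_log(lines: List[str]) -> List[Finding]:
    """Return one Finding per log line whose host is classified as suspicious."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = HOST_FIELD.search(line)
        if not m:
            continue
        reason = classify(m.group(1))
        if reason:
            findings.append(Finding(n, m.group(1).lower(), reason))
    return findings


# Constructed sample proxy-log lines (not real traffic).
SAMPLE_LOG = [
    "2023-02-14T09:01:12Z src=10.0.0.21 host=www.foreign-ministry.example status=200",
    "2023-02-14T09:02:45Z src=10.0.0.21 host=foreign-ministry.example.login-portal.example.com status=200",
    "2023-02-14T09:03:10Z src=10.0.0.33 host=foreing-ministry.example status=302",
    "2023-02-14T09:04:55Z src=10.0.0.33 host=update-service.example.net status=200",
    "2023-02-14T09:05:30Z src=10.0.0.40 host=news.example.org status=200",
]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.domain} -> {f.reason}")
```

On the constructed log the scan flags lines 2 (the ministry's name used as a subdomain of an unrelated registrable domain), 3 (a one-transposition typosquat) and 4 (an IOC match), while the genuine `www` host and an unrelated news site pass. The two-label `registrable_part` is deliberately simple; against real traffic, swap it for a Public Suffix List lookup so that hosts under multi-label suffixes such as `co.uk` are compared on the right label.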
Another campaign targeting North Africa (and the Middle East) is Earth Bogle, which relied on Middle Eastern geopolitical-themed lures to distribute NjRAT.
Some parts of this article are sourced from:
www.infosecurity-magazine.com