kurosaki ichigo (Founder) Posted June 11, 2023

Check Point Research has discovered a sequence of cyberespionage attacks using a previously undisclosed backdoor named Stealth Soldier targeting Libyan organizations. This advanced malicious software is a customized modular backdoor that possesses surveillance capabilities. Libyan organizations as the target and the malware infrastructure indicate the potential return of a threat actor referred to as "The Eye on the Nile," which was seen in action in 2019.

Diving into details

The Command and Control (C&C) network of Stealth Soldier is a component of a broader infrastructure that has been used, at least partially, for spear-phishing attacks targeting government entities. The infection commences with the downloader, which initiates the attack chain. While the precise method of delivery used by the downloader remains undisclosed, social engineering is considered a likely possibility. The most recent version of the implant was reportedly compiled in February 2023. The malware's infection procedure encompasses the retrieval of numerous files from the C&C server, including the loader, watchdog, and payload.

Let's discuss its versions

Security experts have identified three distinct infection chains involving three different versions of Stealth Soldier malware: 6, 8, and 9. Different versions vary by factors such as filenames, mutex names, XOR keys, and directory names. Moreover, there is a discrepancy in the values assigned to the SOFTWARE\Microsoft\Windows\CurrentVersion\Run registry key for persistence:

"Cache" for Version 6
"WinUpdate" for Version 8
"DevUpdate" for Version 9

Nonetheless, the overall flow follows a similar pattern for different versions and exhibits the same underlying logic.
Attribution

Check Point Research uncovered similarities between the present operation and the previously identified "Eye on the Nile" campaign, which Amnesty International and Check Point Research had associated with government-affiliated entities. The presence of overlapping infrastructure implies a potential correlation between these two campaigns, highlighting the tenacity and flexibility of the threat actor responsible for their orchestration.

The bottom line

The recent Stealth Soldier malware campaign directed at Libyan organizations underscores the growing complexity of cyberespionage activities. The utilization of personalized backdoors and advanced surveillance functionalities presents substantial risks to the data security and privacy of the entities being targeted.
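The post above lists the Run-key value names that distinguish the three Stealth Soldier versions ("Cache", "WinUpdate", "DevUpdate"). The following is an added example, not code from the original post or from Check Point Research, showing how a defender could sweep a registry export for those value names. It assumes input in the text format produced by a registry export (a `[key]` header followed by `"name"="data"` lines); the sample export embedded below is constructed for illustration, and the executable paths in it are placeholders, not indicators from the report.

```python
import re

# Value names reported under the Run key for each Stealth Soldier version
# (from the Check Point Research findings summarized in the post above).
STEALTH_SOLDIER_RUN_VALUES = {
    "Cache": 6,
    "WinUpdate": 8,
    "DevUpdate": 9,
}

# Only values directly under a ...\CurrentVersion\Run key count as persistence;
# a value called "Cache" elsewhere in the registry is unremarkable.
RUN_KEY_SUFFIX = r"\software\microsoft\windows\currentversion\run"

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')


def parse_reg_export(lines):
    """Yield (key_path, value_name, data) tuples from .reg-style export lines."""
    current_key = None
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and current_key is not None:
            yield current_key, m.group(1), m.group(2)


def find_stealth_soldier_persistence(lines):
    """Return Run-key values whose names match the reported Stealth Soldier names.

    Each hit records the key, the value name, the command it launches and the
    implant version the name was reported for, so an analyst can go straight
    to the referenced executable for confirmation.
    """
    hits = []
    for key, name, data in parse_reg_export(lines):
        if not key.lower().endswith(RUN_KEY_SUFFIX):
            continue
        version = STEALTH_SOLDIER_RUN_VALUES.get(name)
        if version is None:
            continue
        hits.append({
            "key": key,
            "value_name": name,
            "data": data.strip('"'),
            "version": version,
        })
    return hits


# Constructed sample export (not real telemetry). The "WinUpdate" entry stands
# in for a Version 8 persistence value; the path is a placeholder.
SAMPLE_REG_EXPORT = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /background"
"WinUpdate"="C:\\Users\\user\\AppData\\Roaming\\PLACEHOLDER_DIR\\PLACEHOLDER.exe"

[HKEY_CURRENT_USER\SOFTWARE\ExampleVendor\Settings]
"Cache"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\system32\\SecurityHealthSystray.exe"
"""


def scan_sample():
    """Run the check over the constructed sample; used as the usage demo."""
    return find_stealth_soldier_persistence(SAMPLE_REG_EXPORT.splitlines())


if __name__ == "__main__":
    for hit in scan_sample():
        print(f"{hit['key']}\\{hit['value_name']} -> {hit['data']} "
              f"(name reported for Stealth Soldier version {hit['version']})")
```

Matching on the value name alone is a triage signal, not a verdict: "WinUpdate" and "Cache" are plausible names for benign software, so each hit should be confirmed by examining the executable the value points to (location, signature, hash) before it is treated as an infection.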
scrapedcookie Posted July 2, 2023

Checkpoint of all companies?