  • A powerful new malware backdoor is targeting governments across the world

    aum


    Stealth Falcon is back with brand-new modular malware.


    Cybersecurity researchers from ESET have discovered a new, sophisticated piece of malware targeting government organizations in the Middle East. 


    The malware is dubbed Deadglyph and is apparently the work of the Stealth Falcon APT, a state-sponsored threat actor allegedly from the United Arab Emirates (UAE). According to BleepingComputer, the group is also known among some researchers as Project Raven or FruityArmor, and it targets political activists, journalists, dissidents, and similar individuals.


    In its technical write-up, ESET's researchers explained that Deadglyph is modular malware, capable of receiving additional modules from its command-and-control (C2) server depending on what the operators want to collect from the target endpoint. The modules can call both Windows APIs and custom Executor APIs, giving the threat actors at least a dozen functions, including loading executable files, token impersonation, encryption, hashing, and more.


    Multiple modules


    ESET analyzed three modules: a process creator, an information collector, and a file reader. The collector, for example, can tell the threat actors which operating system the victim is running, which network adapters the endpoint has, which software and drivers are installed, and more. The researchers believe up to 14 modules are available.


    There is no word on potential targets, other than that the malware was found on a device belonging to a government organization. Earlier reports, however, describe Stealth Falcon as a decade-old threat actor (in operation since at least 2012) that targets political activists and journalists, not government employees.


    In 2019, ESET analyzed one of Stealth Falcon's campaigns, concluding that the targets, although small in number, were scattered around the world: in the UAE, Saudi Arabia, Thailand, and the Netherlands. In the latter, though, the group targeted a diplomatic mission of a Middle Eastern country.

    At the moment there is no information on how the attackers managed to infiltrate the target devices. For now, IT teams can only rely on the indicators of compromise published here.


    Via BleepingComputer


    Source
