DeathStalker APT Targets SMBs with Cyber Espionage

The hacker-for-hire group, operating since at least 2012, primarily targets financial firms.

Small and midsize businesses (SMBs) should have a new advanced persistent threat (APT) on their collective radar: DeathStalker has been targeting SMBs in the financial sector since at least 2012.
Kaspersky researchers tracking the group since 2018 report DeathStalker has targeted companies around the world. Attackers dont seem motivated by financial gain; they dont deploy ransomware or steal payment data. The focus is sensitive business data, which could mean DeathStalker offers hacker-for-hire services, or serves as a sort of information broker, in financial circles, they write in a new analysis.
The group caught researchers attention with Powersing, a PowerShell-based implant. This is one of three malware families tied to DeathStalkers activity and the one researchers have used to track the group since 2018. The other two malware families, Evilnum and Janicab, were first reported by other security vendors. Code similarities and victimology among the three families enabled researchers to connect them to each other with medium confidence, they report.
DeathStalker uses tailored spear-phishing emails to deliver archives containing malicious files. When a victim executes the script, it downloads more components from the Internet to give attackers control over the machine. When Powersing lands on a device, it can take screenshots and execute PowerShell scripts. Depending on the security solution, it can also evade detection.
Victim companies are primarily private entities in the financial space, including law offices, wealth consultancy firms, financial technology companies, and similar organizations. In one case, the group was seen targeting a diplomatic entity. Its believed DeathStalker chooses its victims based on perceived value or based on customer requests, though research believe any financial firm, regardless of location, could be at risk.
Read more details
here
.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
DeathStalker APT Targets SMBs with Cyber Espionage