DeathStalker APT Targets SMBs with Cyber Espionage

Published: 23/11/2024   Category: security




The hacker-for-hire group, operating since at least 2012, primarily targets financial firms.



Small and midsize businesses (SMBs) should have a new advanced persistent threat (APT) on their collective radar: DeathStalker has been targeting SMBs in the financial sector since at least 2012.
Kaspersky researchers tracking the group since 2018 report DeathStalker has targeted companies around the world. Attackers don't seem motivated by financial gain; they don't deploy ransomware or steal payment data. The focus is sensitive business data, which could mean DeathStalker offers hacker-for-hire services, or serves as a sort of information broker, in financial circles, they write in a new analysis.
The group caught researchers' attention with Powersing, a PowerShell-based implant. This is one of three malware families tied to DeathStalker's activity and the one researchers have used to track the group since 2018. The other two malware families, Evilnum and Janicab, were first reported by other security vendors. Code similarities and victimology among the three families enabled researchers to connect them to each other with medium confidence, they report.
DeathStalker uses tailored spear-phishing emails to deliver archives containing malicious files. When a victim executes the script, it downloads more components from the Internet to give attackers control over the machine. When Powersing lands on a device, it can take screenshots and execute PowerShell scripts. Depending on the security solution, it can also evade detection.
Victim companies are primarily private entities in the financial space, including law offices, wealth consultancy firms, financial technology companies, and similar organizations. In one case, the group was seen targeting a diplomatic entity. It's believed DeathStalker chooses its victims based on perceived value or based on customer requests, though researchers believe any financial firm, regardless of location, could be at risk.