Geeks for your information News Privacy & Security News v
Hacker-for-Hire StrongPity APT Going Global with its New Infrastructure
Hacker-for-Hire StrongPity APT Going Global with its New Infrastructure
DTinn8 Offline
Junior Member
**
Posts: 20
Threads: 9
Thanks Received: 20 in 13 posts
Thanks Given: 4
Joined: 27 December 18
#1
07 January 21, 04:38
Quote:StrongPity, an APT group active since at least 2012 and first publically reported in 2016, has mostly focused on countries like Italy and Belgium. However, it has now expanded its scope of attack across Northern Africa, Europe, Asia, and Canada as well.
Quick infoThe APT focuses on finding and exfiltrating data from infected machines and runs a series of fake websites that lure users with an array of software tools. These tools are trojanized versions of genuine applications.
  • The APT selectively targets victims using a predefined IP list. If a victim’s IP address matches the one in the installer’s configuration file, the group delivers a trojanized version of the application, otherwise a legitimate version.
  • Once installed, the malware triggers an exfiltration component that executes a file-searching mechanism tasked for looping via drives, looking for files with some specific extensions defined by attackers.
  • If found, the files are stored in a temporary (.ZIP) archive. Then, split into hidden (.SFT) encrypted files and sent to the C2 server. Finally, these files are deleted from the disk to hide any evidence of exfiltration.
  • The APT uses two types of servers - download servers that propagate the malicious installer used in the initial compromise of victims and C2 servers.
Hacker-for-hire groupsBesides StrongPity, there are several other hacker-for-hire mercenary groups that are actively offering their services and have been observed expanding their scope of attacks.
  • A hacker-for-hire group DeathStalker was observed using a new PowerShell backdoor in their attacks, in early-December.
  • CostaRicto was found operating a global espionage campaign on multiple continents.
ConclusionHackers-for-hire mercenaries are now becoming popular and many nation-states have been found using their services for espionage. Thus, experts suggest organizations stay protected by deploying web and email filters on the network, segmentation of any critical networks, and advising their employees to use legitimate software downloaded from official sources only.

Source: https://cyware.com/news/hacker-for-hire-...e-86298602
[-] The following 1 user says Thank You to DTinn8 for this post:
  • harlan4096
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
Privazer 4.0.120.2
Privazer 4.0.120.2...harlan4096 — 07:30
Brave 1.88.138 (Chromium 146.0.7680.178)
Release v1.88.138 ...harlan4096 — 07:28
Opera 129.0.5823.44
Hello! New Oper...harlan4096 — 07:27
Microsoft Edge 146.0.3856.97
Version 146.0.3856...harlan4096 — 07:26
AnyDesk 8.0.2 for Linux
Version 8.0.2 for ...harlan4096 — 07:25

[-]
Birthdays
Today's Birthdays
avatar (48)cticigges
avatar (50)ecoFit
avatar (44)soccejeS
Upcoming Birthdays
avatar (45)wapedDow
avatar (49)oapedDow
avatar (42)Sanchowogy
avatar (46)MeighGoask
avatar (47)creatralGuelm
avatar (38)procnipsut
avatar (44)accenwibly
avatar (41)ahyvily
avatar (38)urumahiz
avatar (44)techlignub
avatar (43)Stevenmam
avatar (50)onlinbah
avatar (50)fuspeukChark
avatar (44)werriewWaiNg
avatar (38)Freemanleo
avatar (43)cdoubapKit
avatar (38)lystraPonia
avatar (31)smith8395john
avatar (51)steakelask
avatar (45)Termoplenka
avatar (43)bycoPaist
avatar (49)pieloKat
avatar (43)ilyagNeexy
avatar (51)donitascene
avatar (51)burntLaw
avatar (41)MrDoorsskibheeds
avatar (51)Toligo
avatar (46)Rodneykak
avatar (49)tradeSmode
avatar (39)vemedProkbior
avatar (38)RobertUtelt
avatar (46)JamesZic
avatar (43)Sanfordbup
avatar (38)Der.Reisende
avatar (36)Kiran78

[-]
Online Staff
There are no staff members currently online.

>