A sequence of remarkably-qualified espionage attacks in North Africa has been connected to a beforehand undisclosed modular backdoor named “Stealth Soldier.”
Targeting principally persons in Libya, the new campaign focuses on surveillance operations, in accordance to a new advisory released these days by Check Place Study (CPR).
In individual, the Stealth Soldier backdoor features file exfiltration, screen and microphone recording, keystroke logging and thieving browser facts capabilities.
The CPR workforce highlighted a person major obtaining: the infrastructure associated with Stealth Soldier reveals similarities with the infrastructure made use of by a earlier marketing campaign identified as “Eye on the Nile.”
The latter attacks targeted Egyptian civilian culture in 2019, but the similarities with Stealth Soldier propose a feasible re-appearance of the exact same danger actor just after a extensive hiatus.
“We’re seeing an increase in the price of cyber-attacks in North Africa,” commented Sergey Shykevich, risk intelligence team manager at Examine Place Software.
“What’s appealing is that this new Stealth Soldier malware signifies a re-emergence of a danger actor from 2019 which operated versus Egyptian civilian modern society.”
CPR identified distinct variations of the backdoor, with the hottest remaining Version 9, likely shipped in February 2023. The oldest variation identified was Variation 6, compiled in October 2022.
The malware’s command and manage (C&C) servers seem to be related to a extra intensive established of domains, some of which masquerade as sites belonging to the Libyan Overseas Affairs Ministry, indicating the use of phishing strategies.
Read far more on very similar threats: Social Media Phishing – The 2023 Cybersecurity Danger
The security researchers added that these results underscore the importance of sturdy cybersecurity actions to counter targeted espionage attacks, specifically in areas exactly where these kinds of threats are commonplace.
“The investigation suggests that the attackers powering this campaign are politically enthusiastic and are utilizing the Stealth Soldier malware and a major network of phishing domains to carry out surveillance and espionage operations versus Libyan and Egyptian targets,” reads the advisory.
“Given the modularity of the malware and the use of many phases of infection, it is very likely that the attackers will continue to evolve their methods and techniques and deploy new versions of this malware in the in the vicinity of upcoming.”
The CPR advisory contains Indicators of Compromise (IOCs) that can help businesses in detecting and countering the Stealth Soldier risk.
A different campaign focusing on North Africa (and the Center East) is Earth Bogle, which relied on Center Eastern geopolitical-themed lures to distribute NjRAT.
Some pieces of this post are sourced from: