A series of highly targeted espionage attacks in North Africa has been linked to a previously undisclosed modular backdoor known as “Stealth Soldier.”
Targeting primarily individuals in Libya, the new campaign focuses on surveillance operations, according to a new advisory published today by Check Point Research (CPR).
In particular, the Stealth Soldier backdoor features file exfiltration, screen and microphone recording, keystroke logging and browser-data-stealing capabilities.
The CPR team highlighted one significant finding: the infrastructure associated with Stealth Soldier shows similarities with the infrastructure used by a previous campaign known as “Eye on the Nile.”
The latter attacks targeted Egyptian civil society in 2019, but the similarities with Stealth Soldier suggest a possible reappearance of the same threat actor after a long hiatus.
“We’re seeing an increase in the rate of cyber-attacks in North Africa,” commented Sergey Shykevich, threat intelligence group manager at Check Point Software.
“What’s interesting is that this new Stealth Soldier malware indicates a re-emergence of a threat actor from 2019 which operated against Egyptian civil society.”
CPR discovered different versions of the backdoor, with the latest being Version 9, likely delivered in February 2023. The oldest version found was Version 6, compiled in October 2022.
The malware’s command and control (C&C) servers appear to be linked to a more extensive set of domains, some of which masquerade as sites belonging to the Libyan Foreign Affairs Ministry, indicating the use of phishing campaigns.
The security researchers added that these findings underscore the importance of robust cybersecurity measures to counter targeted espionage attacks, particularly in regions where such threats are prevalent.
“The investigation suggests that the attackers behind this campaign are politically motivated and are using the Stealth Soldier malware and a significant network of phishing domains to conduct surveillance and espionage operations against Libyan and Egyptian targets,” reads the advisory.
“Given the modularity of the malware and the use of multiple stages of infection, it’s likely that the attackers will continue to evolve their tactics and techniques and deploy new versions of this malware in the near future.”
The CPR advisory includes Indicators of Compromise (IOCs) that can assist companies in detecting and countering the Stealth Soldier threat.
A separate campaign targeting North Africa (and the Middle East) is Earth Bogle, which relied on Middle Eastern geopolitical-themed lures to distribute NjRAT.