Researchers at cybersecurity company ESET have identified a new APT (advanced persistent threat) group that has been stealing sensitive documents from governments in Eastern Europe and the Balkan region since 2011.
The “XDSpy” group, as ESET named it, remained undetected for nine years, which is rare. Its operations have put many government agencies and private companies at risk.
“The group had not attracted attention so far, with the exception of an advisory issued by the Belarusian CERT in February 2020”, said Mathieu Faou, the ESET researcher who analyzed the malware.
The “XDSpy” group uses spear-phishing to reach its targets. Some of the emails it sends carry an attachment, while others contain a link pointing to a malicious file. In either case, the first stage delivered to the victim is a ZIP or RAR archive.
At the end of June 2020, the attackers intensified their efforts by exploiting CVE-2020-0968, a vulnerability in Internet Explorer that had been patched in April 2020.
“In 2020, the group took advantage of the COVID-19 pandemic at least twice to launch attacks, including one case just a month ago.”
“Since we did not detect code similarities with other malware families and did not notice overlap in the network infrastructure, we conclude that ‘XDSpy’ is a group that has not been previously recorded.”
The targets of the “XDSpy” group are located in Eastern Europe and the Balkans. They are mainly government agencies, such as armed forces and foreign ministries, as well as private companies.
For more technical details about the spyware, see the relevant blog post on WeLiveSecurity.