Security researchers have discovered a new APT group that has been stealing sensitive information from Eastern European governments and businesses for over nine years.

Dubbed “XDSpy,” the group shares no similarities of malicious code, network infrastructure or regional targets with any known APT outfit, according to ESET.

It operates largely in a GMT+2 or +3 time zone, the same as its targets, and operatives work only Monday-Friday.

It focuses exclusively on spearphishing to compromise targets, although emails could contain malicious RAR or ZIP attachments or links.

On the one hand it has used the same malware architecture for nine years, with the main XDDown malware component downloaded to a victim computer from a C&C server. This installs additional plugins to gather basic info, crawl the C drive, exfiltrate local files, gather browser passwords and more.

However, on the other hand, it was recently spotted exploiting CVE-2020-0968. “At the time it was exploited by XDSpy, no proof-of-concept and very little information about this specific vulnerability was available online,” explained ESET. “We think that XDSpy either bought this exploit from a broker or developed a 1-day exploit themselves by looking at previous exploits for inspiration.”

The security vendor refused to speculate on who could be behind XDSpy. It is most interested in stealing information from government targets in Eastern Europe and the Balkans, including a February campaign against Belarussian institutions in February and Russian-speaking targets in September this year.

“The group has attracted very little public attention so far, with the exception of an advisory from the Belarusian CERT in February 2020,” said Mathieu Faou, ESET researcher. ““Since we did not find any code similarities with other malware families, and we did not observe any overlap in the network infrastructure, we conclude that XDSpy is a previously undocumented group.”

Source: https://www.infosecurity-magazine.com/news/apt-group-xdspy-targets-belarus/

Computer security, Advanced persistent threat, Computer

World news – US – New APT Group XDSpy Targets Belarus and Russian-Speakers

Building on its expertise in the areas of digital, technologies and processes , CSS Engineering you in your most ambitious transformation projects and helps you bring out new ideas, new offers, new modes of collaboration, new ways of producing and selling.

CSS Engineering is involved in projects each customer as if it were his own. We believe a consulting company should be more than an advisor. We put ourselves in the place of our customers, to align we incentives to their goals, and collaborate to unlock the full potential their business. This establishes deep relationships and enjoyable.

Our services:

  1. Create professional websites
  2. Hosting high performance and unlimited
  3. Sale and video surveillance cameras installation
  4. Sale and Installation of security system and alarm
  5. E-Marketing

All our achievements here https://www.css-engineering.com/en/works/

LEAVE A REPLY

Please enter your comment!
Please enter your name here