Security researchers have discovered a new APT group that has been stealing sensitive information from Eastern European governments and businesses for over nine years.

Dubbed “XDSpy,” the group shares no similarities of malicious code, network infrastructure or regional targets with any known APT outfit, according to ESET.

It operates largely in a GMT+2 or +3 time zone, the same as its targets, and operatives work only Monday-Friday.

It focuses exclusively on spearphishing to compromise targets, although emails could contain malicious RAR or ZIP attachments or links.

On the one hand it has used the same malware architecture for nine years, with the main XDDown malware component downloaded to a victim computer from a C&C server. This installs additional plugins to gather basic info, crawl the C drive, exfiltrate local files, gather browser passwords and more.

However, on the other hand, it was recently spotted exploiting CVE-2020-0968. “At the time it was exploited by XDSpy, no proof-of-concept and very little information about this specific vulnerability was available online,” explained ESET. “We think that XDSpy either bought this exploit from a broker or developed a 1-day exploit themselves by looking at previous exploits for inspiration.”

The security vendor refused to speculate on who could be behind XDSpy. It is most interested in stealing information from government targets in Eastern Europe and the Balkans, including a February campaign against Belarussian institutions in February and Russian-speaking targets in September this year.

“The group has attracted very little public attention so far, with the exception of an advisory from the Belarusian CERT in February 2020,” said Mathieu Faou, ESET researcher. ““Since we did not find any code similarities with other malware families, and we did not observe any overlap in the network infrastructure, we conclude that XDSpy is a previously undocumented group.”

Source: https://www.infosecurity-magazine.com/news/apt-group-xdspy-targets-belarus/

Computer security, Advanced persistent threat, Computer

World news – US – New APT Group XDSpy Targets Belarus and Russian-Speakers

En s’appuyant sur ses expertises dans les domaines du digital, des technologies et des process , CSS Engineering vous accompagne dans vos chantiers de transformation les plus ambitieux et vous aide à faire émerger de nouvelles idées, de nouvelles offres, de nouveaux modes de collaboration, de nouvelles manières de produire et de vendre.

CSS Engineering s’implique dans les projets de chaque client comme si c’était les siens. Nous croyons qu’une société de conseil devrait être plus que d’un conseiller. Nous nous mettons à la place de nos clients, pour aligner nos incitations à leurs objectifs, et collaborer pour débloquer le plein potentiel de leur entreprise. Cela établit des relations profondes et agréables.

Nos services:

  1. Création des sites web professionnels
  2. Hébergement web haute performance et illimité
  3. Vente et installation des caméras de vidéo surveillance
  4. Vente et installation des système de sécurité et d’alarme
  5. E-Marketing

Toutes nos réalisations ici https://www.css-engineering.com/en/works/

LEAVE A REPLY

Please enter your comment!
Please enter your name here