Researchers at the international cyber security company ESET have identified a new APT (advanced persistent threat) group that has been stealing sensitive documents from governments in Eastern Europe and the Balkans since 2011. The group, which ESET has named XDSpy, managed to stay undetected for nine years, which is quite rare. Its members have compromised many government services and private companies.
"The team has not received much attention so far, with the exception of an advisory issued by the Belarusian CERT in February 2020," said Mathieu Faou, the ESET researcher who analyzed the malware.
The XDSpy group uses spear-phishing to attack its targets. Some of the emails it sends contain an attached file, while others contain a link to a malicious file. The first stage of the malicious file or attachment is a ZIP or RAR archive.
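Since the article describes the first stage as an archive delivered by email, a defender's first triage step is to list archive attachments and look inside them for executable or double-extension members. The following Python script is an added example written for this page; it is not ESET's code and not derived from any real XDSpy sample. The email and its ZIP member are constructed inline so the script runs offline; file names, addresses and the extension lists are assumptions chosen for illustration.

```python
import email
import email.policy
import io
import os
import zipfile
from email.message import EmailMessage

# Outer container types named in the article (ZIP or RAR as first stage).
ARCHIVE_EXTS = {".zip", ".rar"}
# Member-file extensions that should not arrive inside a "document" archive.
EXEC_EXTS = {".exe", ".scr", ".dll", ".lnk", ".js", ".jse", ".vbs", ".hta", ".bat", ".cmd", ".ps1"}
# Document-like extensions, used to spot double extensions such as "report.pdf.exe".
DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".rtf"}


def build_sample_email(member_name: str = "invoice.pdf.exe") -> bytes:
    """Build a constructed sample message carrying a ZIP attachment (not a real sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # Placeholder bytes only; nothing executable is written.
        zf.writestr(member_name, b"placeholder bytes, not a real program")
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"   # assumed address
    msg["To"] = "analyst@example.invalid"    # assumed address
    msg["Subject"] = "Updated guidance"
    msg.set_content("Please see the attached archive.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="update.zip")
    return msg.as_bytes()


def suspicious_member(name: str) -> bool:
    """True if an archive member has an executable extension or a document-style double extension."""
    base, ext = os.path.splitext(name.lower())
    if ext in EXEC_EXTS:
        return True
    # "report.pdf.xyz": the part before the final extension itself ends in a document extension.
    inner_ext = os.path.splitext(base)[1]
    return ext not in DOC_EXTS and inner_ext in DOC_EXTS


def triage_message(raw: bytes) -> list[dict]:
    """Return one finding per archive attachment, listing any suspicious members inside it."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    findings = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        ext = os.path.splitext(filename.lower())[1]
        if ext not in ARCHIVE_EXTS:
            continue
        finding = {"attachment": filename, "suspicious_members": [], "verdict": "review"}
        data = part.get_payload(decode=True)
        if ext == ".zip":
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    finding["suspicious_members"] = [n for n in zf.namelist() if suspicious_member(n)]
            except zipfile.BadZipFile:
                finding["verdict"] = "malformed"
        else:
            # RAR is not readable with the standard library; leave it for manual inspection.
            finding["note"] = "RAR archive not inspected"
        if finding["suspicious_members"]:
            finding["verdict"] = "suspicious"
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for finding in triage_message(build_sample_email()):
        print(finding)
```

Every archive attachment produces a finding even when no member looks suspicious, so a mail gateway or analyst queue can still hold archives from external senders for review; only ZIP is opened here, and a RAR attachment is flagged but left uninspected rather than silently passed.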
In late June 2020, the attackers stepped up their efforts using CVE-2020-0968, a vulnerability in Internet Explorer that was patched in April 2020. “During 2020, the team exploited the COVID-19 pandemic at least two times to launch attacks, including one just a month ago,” Faou adds.
“Since we did not detect any code similarities with other malware families and did not observe any overlap in network infrastructure, we conclude that XDSpy is a previously undocumented group,” Faou concludes.
The targets of the XDSpy group are located in Eastern Europe and the Balkans. They are mainly government agencies, such as armed forces and foreign ministries, as well as private companies.
For more technical details about the spyware, see the relevant blog post on WeLiveSecurity.