ESET: XDSpy, an APT team that has been stealing Europe since 2011

The researchers of the international company ς ESET εντόπισαν μια νέα ομάδα APT (advanced persistent threat) που κλέβει ευαίσθητα έγγραφα από κυβερνήσεις στην Ανατολική Ευρώπη και την περιοχή των Βαλκανίων από το 2011. H ομάδα XDSpy, όπως την ονόμασε η ESET, κατάφερε να μη γίνει αντιληπτή για εννέα χρόνια, κάτι που είναι αρκετά σπάνιο. Τα μέλη της ομάδας έχουν θέσει σε κίνδυνο πολλές κυβερνητικές υπηρεσίες και ιδιωτικές εταιρείες.

"The group had not attracted attention until now, with the exception of an advisory issued by the Belarusian CERT in February 2020," said Mathieu Faou, the ESET researcher who analyzed the software.

The XDSpy team uses spear-phishing as a method to attack its targets. Some of the emails it sends contain an attachment, while others contain a link that leads to a malicious file. The first level of the malicious file or attachment is a ZIP or RAR file.

In late June 2020, cybercriminals stepped up their efforts using CVE-2020-0968, an Internet vulnerability which was patched in April 2020. “During 2020, the group took advantage of the COVID-19 pandemic at least twice to launch attacks, including one instance just a month ago,” Faou adds.

"Since we did not detect any code similarities with other malware families and did not notice any overlap in the network infrastructure, we conclude that XDSpy is a group that has not been recorded before," concludes Faou.

The XDSpy group's targets are located in Eastern Europe and the Balkans. These are mainly government agencies, such as Armed Forces, Ministries of Foreign Affairs and private .

For more technical details about spyware, visit the relevant “blogpost ”At WeLiveSecurity.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by newsbot

Although the press releases will be from very select to rarely, I said to go ... because sometimes the authors are hiding.

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).