May 28, 2023

StrongPity, an APT group active since at least 2012 and first publically reported in 2016, has mostly focused on countries like Italy and Belgium. Now expanded its scope of attack across Northern Africa, Europe, Asia, and Canada

Quick Review

StrongPity focuses on finding and exfiltrating data from infected machines and runs a series of fake websites that lure users with an array of software tools. These tools are trojanized versions of genuine applications.

  • The APT selectively targets victims using a predefined IP list. If a victim’s IP address matches the one in the installer’s configuration file, the group delivers a trojanized version of the application, otherwise a legitimate version.
  • Once installed, the malware triggers an exfiltration component that executes a file-searching mechanism tasked for looping via drives, looking for files with some specific extensions defined by attackers.
  • If found, the files are stored in a temporary (.ZIP) archive. Then, split into hidden (.SFT) encrypted files and sent to the C2 server. Finally, these files are deleted from the disk to hide any evidence of exfiltration.
  • The APT uses two types of servers – download servers that propagate the malicious installer used in the initial compromise of victims and C2 servers.

Hacker-for-hire groups

Besides StrongPity, there are several other hacker-for-hire mercenary groups that are actively offering their services and have been observed expanding their scope of attacks.

  • A hacker-for-hire group Death Stalker was observed using a new PowerShell backdoor in their attacks, in early-December.
  • CostaRica was found operating a global espionage campaign on multiple continents.

Conclusion

Hackers-for-hire mercenaries are now becoming popular and many nation-states have been found using their services for espionage. Thus, experts suggest organizations stay protected by deploying web and email filters on the network, segmentation of any critical networks, and advising their employees to use legitimate software downloaded from official sources 

Tags:

1 thought on “StrongPity APT .. Hackers on Hire

  1. Pingback: Malicious Notepad++ plugins enables persistence - TheCyberThrone

Leave a Reply

You may have missed

Zyxel Patches Critical Buffer Overflow Vulnerability

Zyxel Patches Critical Buffer Overflow Vulnerability

May 27, 2023
Apria Data Breach affects 2 million customers

Apria Data Breach affects 2 million customers

May 27, 2023
CosmicEnergy Malware Shutting Electric grid

CosmicEnergy Malware Shutting Electric grid

May 27, 2023
Operation Magalenha from Brazil

Operation Magalenha from Brazil

May 27, 2023
Buhti Ransomware Dissection

Buhti Ransomware Dissection

May 26, 2023
Volt Typhoon – Chinese Threat Actor Targetting US Infra

Volt Typhoon – Chinese Threat Actor Targetting US Infra

May 25, 2023
%d bloggers like this: