DeathStalker is presumably a hacker-for-hire group that targets victims from around the world, further signifying the size of its operations. Despite its global targeting, the group has focused on targeting Middle Eastern countries. Kaspersky has seen increased activity in the United Arab Emirates, Lebanon, and Turkey. Experts have also noticed that DeathStalker uses spear-phishing emails to target governments, capital markets, fintech, law firms and particularly SMBs.

DeathStalker is a unique threat group which mainly focuses on cyber-espionage against law firms and organizations in the financial sector. The threat actor is highly adaptive and notable for using an iterative toolset, making them able to execute effective campaigns. Based on Kaspersky’s analysis, the group potentially started in 2013 and is still active with evolving techniques.

“DeathStalker is a prime example of a threat actor that organizations in the private sector need to defend themselves against. It will continue to impact organizations in the Middle East and even those organizations that are not traditionally the most security-conscious need to be aware of becoming targets too. Its persona-based tactic is what sets it apart from the rest of the APT groups and at Kaspersky we urge businesses in the Middle East to stay vigilant of this threat,” said Maher Yamout, Senior Security Researcher at Kaspersky.

Recent research enabled Kaspersky to link DeathStalker’s activity to three malware families, Powersing, Evilnum and Janicab, which demonstrates the breadth of the group’s activity carried out since at least 2013. While the Powersing malware family has been traced by Kaspersky since 2018, the other two malware families have been reported on by other cybersecurity vendors. Analysis of code similarities and victimology between the three malware families enabled the researchers to link them to each other with medium confidence.

Our experts at Kaspersky have noticed that these cyber-mercenaries use interactive social engineering to target users. The attacker doesn’t only send a phishing email with the hopes that the target will open it but keeps sending interactive emails with a pretext or a persona. It is a tactic used to gain victims’ attention and lure them to open malicious files.

There is no way of guaranteeing who is behind the keyboard sending malicious emails, but a digital signature could solve this issue.

In order to avoid falling victim to a targeted attack by a known or unknown threat actor, Kaspersky researchers recommend implementing the following measures:

  • Educate employees about phishing attacks: APTs start with a fraudulent email that gains access to your system. Deploy a training program that teaches employees what to look for, what to do and who to notify if they spot something suspicious.
  • Ensure that the latest updates are installed: APT hackers look to exploit any weakness in a system, which is why it is important to run updates on all cybersecurity programs.
  • Secure sensitive data: Take additional safety measures to save your most sensitive information.
  • Use application whitelisting tools to prevent unauthorized applications from running.
  • Kaspersky recommends that future awareness training and security product assessments include infection chains based on LNK (shortcut) files.


About Kaspersky

Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 250,000 corporate clients protect what matters most to them. Learn more at 

For further information, please contact:
Sweta Fernandes
Account Executive


© Press Release 2020
