DeathStalker: a detailed look at a mercenary APT group that targets businesses in the Middle East

PHOTO

DeathStalker is presumably a hacker-for-hire group that targets victims from around the world further signifying the size of their operations. Despite their global targeting, this group focused in targeting Middle Eastern countries. Kaspersky has seen increased activity in the United Arab Emirates, Lebanon, and Turkey. Experts have also noticed that DeathStalker uses spear-phishing emails to target governments, capital markets, fintech, law firms and particularly SMBs.

DeathStalker is a unique threat group which mainly focuses on cyber-espionage against law firms and organizations in the financial sector. The threat actor is highly adaptive and notable for using an iterative toolset, making them able to execute effective campaigns. Based on Kaspersky’s analysis, the group potentially started in 2013 and is still active with evolving techniques.

“DeathStalker is a prime example of a threat actor that organizations in the private sector need to defend themselves against. It will continue to impact organizations in the Middle East and even those organizations that are not traditionally the most security-conscious need to be aware of becoming targets too. Its persona-based tactic is what sets it apart from the rest of the APT groups and at Kaspersky we urge businesses in the Middle East to stay vigilant of this threat.” Said Maher Yamout, Senior Security Researcher at Kaspersky.

Recent research enabled Kaspersky to link DeathStalker’s activity to three malware families, Powersing, Evilnum and Janicab, which demonstrates the breadth of the groups’ activity carried out since at least 2013. While Powersing malware family has been traced by Kaspersky since 2018, the other two malware families have been reported on by other cybersecurity vendors. Analysis of code similarities and victimology between the three malware families enabled the researchers to link them to each other with medium confidence.

Our experts at Kaspersky have noticed that these cyber-mercenaries use interactive social engineering to target users. The attacker doesn’t only send a phishing email with the hopes that the target will open it but keeps sending interactive emails with a pretext or a persona. It is a tactic used to gain victims’ attention and lure them to open malicious files.

There is no way of guaranteeing who is behind the keyboard sending malicious emails but a digital signature could solve this issue.

In order to avoid falling victim to a targeted attack by a known or unknown threat actor, Kaspersky researchers recommend implementing the following measures:

Educate employees about phishing attacks: APTs start with a fraudulent email that gains access to your system. Deploy a training program that teaches employees what to look for, what to do and who to notify if they spot something suspicious.
Ensure that the latest updates are installed: APT hackers look to exploit any weakness in a system, which is why it is important to run updates on all cybersecurity programs.
Secure sensitive data: Take the additional safety measures to save your most sensitive information.
Use application whitelisting tools to prevent unauthorized applications from running.
Kaspersky recommends that future awareness training and security product assessments include infection chains based on LNK (shortcut) files.

-Ends-

About Kaspersky

Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 250,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com

For further information, please contact:
Sweta Fernandes
Account Executive
Golin
KasperskyTeam@golin.ae

Send us your press releases to pressrelease.zawya@refinitiv.com

Disclaimer: The contents of this press release was provided from an external third party provider. This website is not responsible for, and does not control, such external content. This content is provided on an “as is” and “as available” basis and has not been edited in any way. Neither this website nor our affiliates guarantee the accuracy of or endorse the views or opinions expressed in this press release.

The press release is provided for informational purposes only. The content does not provide tax, legal or investment advice or opinion regarding the suitability, value or profitability of any particular security, portfolio or investment strategy. Neither this website nor our affiliates shall be liable for any errors or inaccuracies in the content, or for any actions taken by you in reliance thereon. You expressly agree that your use of the information within this article is at your sole risk.

To the fullest extent permitted by applicable law, this website, its parent company, its subsidiaries, its affiliates and the respective shareholders, directors, officers, employees, agents, advertisers, content providers and licensors will not be liable (jointly or severally) to you for any direct, indirect, consequential, special, incidental, punitive or exemplary damages, including without limitation, lost profits, lost savings and lost revenues, whether in negligence, tort, contract or any other theory of liability, even if the parties have been advised of the possibility or could have foreseen any such damages.

DeathStalker: a detailed look at a mercenary APT group that targets businesses in the Middle East

DISCOVER MORE

Tabuk certified “Healthy City” by WHO

Empowering traders globally: CFI redefines online trading with tradingview integration

Daikin extends special support to flood-affected communities to restore air conditioning systems

Stellantis MEA elevates customer experience with inaugural customer centricity competition

Aamal Company Q.P.S.C. financial results for the first quarter ended 31 March 2024

More than 300 startups to participate in 2024 AIM Congress in Abu Dhabi

Bayanat, Autonomous a2z stun DRIFTx visitors by remotely driving vehicle 7,000 kilometers away

Mohammed Bin Rashid Arabic Language Award to participate in ADIBF 2024

Victor moves headquarters to Abu Dhabi

Bitget Wallet’s COO explained web3 security strategies at Dubai conference

Albal Design launches UAE's first science based interior design concept

AMWAJ Development enters Dubai real estate market with the launch of Starlight Park in Meydan

Binghatti launches its debut project adjacent to Dubai Hills

India plans curbs on suspect bank accounts to fight cyber fraud, sources say

UAE: More than 83mln cyber threats detected, blocked

Online site blocking bill pushed to curb digital piracy in Philippines

UAE: Education, aviation, healthcare most vulnerable to cyberattacks, say experts

Forum highlights need to secure telecom networks from cyberattacks in Oman

LATEST VIDEO

VIDEO: Expect more extreme weather threats like UAE floods worldwide – Climate expert

ZAWYA COVERAGE

Kuwait's Agility Global to begin trading on ADX from May 2

Saudi Arabia's Rawabi Holding raises $320mln in sukuk

SHUAA Capital chairman steps down after nearly five years

Sustainable projects to drive up capex of GCC oil companies by up to $25bn per year

Death toll in migrant boat capsize off Djibouti rises to 24: UN

Greece prepared to help Paris Olympics security

President, fan support key in decision to stay: Barca coach Xavi

Ukraine, Russia exchange fire, at least seven dead

Israel intensifies strikes on Gaza's Rafah ahead of threatened invasion

THE BRI REPORT

China’s flagship global infrastructure initiative is changing in the face of potent headwinds