Advanced StrongPity Hackers Target Syria and Turkey with Retooled Spyware
2020-06-30 00:45

Cybersecurity researchers today uncovered new details of watering hole attacks against the Kurdish community in Syria and Turkey for surveillance and intelligence exfiltration purposes.

The APT has been linked to a 2018 operation that abused Türk Telekom's network to redirect hundreds of users in Turkey and Syria to malicious StrongPity versions of authentic software.

Last July, AT&T Alien Labs found evidence of a fresh spyware campaign that exploited trojanized versions of WinBox router management software and WinRAR file archiver to install StrongPity and communicate with the adversary infrastructure.

The new attack method identified by Bitdefender remains the same: target victims in Turkey and Syria using a predefined IP list by leveraging tampered installers (including McAfee Security Scan Plus, Recuva, TeamViewer, WhatsApp, and Piriform's CCleaner) hosted on localized software aggregators and sharers.

Expanding Beyond Syria and Turkey

Although Syria and Turkey may be their recurring targets, the threat actor behind StrongPity appears to be expanding their victimology to infect users in Colombia, India, Canada, and Vietnam using tainted versions of Firefox, VPNpro, DriverPack, and 5kPlayer.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/6trGj-Kh3ac/strongpity-syria-turkey-hackers.html