StrongPity APT Back with Kurdish-Aimed Watering Hole Attacks
2020-06-30 17:45

The APT group known as StrongPity is back with a new watering-hole campaign, targeting mainly Kurdish victims in Turkey and Syria.

The sheer variety of the trojanized applications on offer in the latest campaign is meant to cast a wide net in terms of victims' interests, according to researchers at Bitdefender in a report released Tuesday.

Behind the scenes, StrongPity uses two types of servers that fulfill two main roles: download servers, which deliver the poisoned installer used in the initial compromise of victims, and C2 servers.

StrongPity was first publicly reported in October 2016, after attacks against users in Belgium and Italy in which it used watering-hole attacks to deliver malicious versions of WinRAR and the TrueCrypt file encryption software.

Kaspersky researchers described the actor as a characteristic APT outfit using its share of zero-day vulnerabilities and modular attack tools to infiltrate victims and conduct espionage.


News URL

https://threatpost.com/strongpity-kurdish-watering-hole-attacks/157029/