Lyceum APT Returns, This Time Targeting Tunisian Firms
2021-10-19 17:16

The Lyceum threat group has resurfaced, this time with a weird variant of a remote-access trojan that doesn't have a way to talk to a command-and-control server and might instead be a new way to proxy traffic between internal network clusters.

Kaspersky's Mark Lechtik - senior security researcher at the company's Global Research & Analysis Team - said in a Monday post that the team has identified a new cluster of Lyceum activity that's focused on two entities in Tunisia.

Lyceum treads lightly but carries a big stick: "All the while it has kept a low profile, drawing little attention from security researchers," the trio of researchers wrote.

The Lyceum group was first exposed in 2019 by Secureworks, which spotted the group targeting Middle Eastern energy firms and telecoms with malware-laced spearphishing emails.

Kaspersky researchers said that they noticed certain similarities between Lyceum and the infamous state-sponsored campaign from the DNSpionage group, which scooped up credentials by targeting national security organizations across the Middle East and North Africa - and elsewhere - with domain name system hijacking attacks.

Lyceum hasn't ceased operation; rather, the group has "attempted to gain a foothold on the targeted networks time and time again," the researchers said.


News URL

https://threatpost.com/lyceum-apt-tunisian-firms/175579/