The hacker-for-hire group, operating since at least 2012, primarily targets financial firms.
Small and midsize businesses (SMBs) should have a new advanced persistent threat (APT) on their collective radar: DeathStalker has been targeting SMBs in the financial sector since at least 2012.
Kaspersky researchers, who have been tracking the group since 2018, report that DeathStalker has targeted companies around the world. The attackers do not appear to be motivated by financial gain: they deploy no ransomware and steal no payment data. Their focus is sensitive business data, which could mean DeathStalker offers hacker-for-hire services or serves as a sort of "information broker" in financial circles, the researchers write in a new analysis.
The group caught researchers' attention with Powersing, a PowerShell-based implant. This is one of three malware families tied to DeathStalker's activity and the one researchers have used to track the group since 2018. The other two malware families, Evilnum and Janicab, were first reported by other security vendors. Code similarities and victimology among the three families enabled researchers to connect them to each other "with medium confidence," they report.
DeathStalker uses tailored spear-phishing emails to deliver archives containing malicious files. When a victim runs the script inside the archive, it downloads additional components from the Internet that give the attackers control over the machine. Once Powersing lands on a device, it can take screenshots and execute further PowerShell scripts; depending on the security solution installed, it can also evade detection.
Victim companies are primarily private entities in the financial space, including law offices, wealth consultancy firms, financial technology companies, and similar organizations. In one case, the group was seen targeting a diplomatic entity. DeathStalker is believed to choose its victims based on perceived value or on customer requests, though the researchers believe any financial firm, regardless of location, could be at risk.
Read more details here.