Author Topic: StrongPity APT Returns with Retooled Spyware  (Read 14 times)

Offline Hardhead

  • Administrator
  • Hero Member
  • *****
  • Posts: 867
    • View Profile
StrongPity APT Returns with Retooled Spyware
« on: July 18, 2019, 02:47:45 am »
Author: Tara Seals
July 17, 2019 9:26 am

The group is using malicious versions of WinRAR and other legitimate software packages to infect targets, likely via watering-hole attacks.


The APT group behind the sophisticated malware known as StrongPity (a.k.a. Promethium) has mounted a fresh spyware campaign that is still ongoing as of July 2019. The group has retooled with new malware to control compromised machines, according to researchers.

“The new malware samples [first identified in early July] have been unreported and generally appear to have been created and deployed to targets following a toolset rebuild in response to the public reporting during the fourth quarter of 2018,” according to the analysis from AT&T’s Alien Labs division, released Wednesday and shared with Threatpost. “Based on compilation times, infrastructure build and use and public distribution of samples, we assess the activity continues to operate successfully as of this report.”

The revamped malware, which is now targeting users located in Turkey, is similar to the group’s hallmark StrongPity/Prometheus code, according to the research, with complete spyware capability. It’s built to locate sensitive documents while establishing a persistent backdoor for remote access.