
Pro-Assad Hackers Used Female Avatars To Steal Data From Syrian Opposition

February 4th, 2015, by Waqas

Researchers have found that a hacking operation was conducted to collect military intelligence for pro-Assad parties in the Syrian conflict.

FireEye, a security firm, released a report (PDF) on Monday detailing the threat group, which stole a cache of sensitive data containing documents and more than 31,000 logged Skype chat sessions, some of which revealed tactical battle plans against Syrian President Bashar al-Assad’s forces. The group’s data exfiltration efforts took place between November 2013 and January 2014, and the victims ranged from armed opposition members to humanitarian aid workers and media activists in and outside of Syria, FireEye reported.

Malware was distributed to the hackers’ targets through social engineering, according to the report, titled “Behind the Syrian Conflict’s Digital Front Lines”.

At some point in the conversation, the attackers, posing behind female Skype avatars, tempted the targets to open what appeared to be personal photos of beautiful and sympathetic women but were actually malware.

The report noted that the attackers frequently asked victims whether they were on their computers or mobile devices and then sent the malware accordingly. According to the report, FireEye researchers observed this threat group targeting the Syrian opposition with Android malware for the first time.

The DarkComet remote access Trojan (RAT) and a customized keylogger were among the tools in the threat group’s arsenal.

Nart Villeneuve, a researcher and co-author of the threat report, further explained in a Monday interview with SCMagazine.com that the attackers injected DarkComet into the memory of machines by concealing the RAT inside another piece of software.

Villeneuve also said that researchers had never seen the custom dropper used to install DarkComet being used by any other Syria-related malware group.

On further scrutiny by FireEye, the report revealed that the threat group was able to obtain huge collections of data by breaking into only a small number of systems, because the opposition shared computers for accessing satellite-based internet. Although the exact number of victims in the campaign was hard to determine, Villeneuve estimated that perhaps 28 computers were compromised by the threat group, leaving 64 Skype databases exposed to the attackers because multiple people used the same computers.

In the interview, Villeneuve said that the attackers also exfiltrated documents such as Excel sheets and photos.

Finally, the report emphasized that the campaign was more than cyberespionage aimed at gaining an information edge or a strategic goal.

In contrast, the report said that the activity provides actionable military intelligence that can be used for an immediate battlefield advantage in the midst of the ongoing conflict. The report added that this “tactical edge comes with a potentially devastating human cost”. The attackers obtained military-related data that includes information about military hardware and positions of fighting groups, along with the fighters’ names and weapon systems, lists of refugee aid recipients and casualties, records of humanitarian efforts and funding, and political strategy and military planning communications.

In Appendix A of the report, the researchers gave a detailed explanation of the malware used in the campaign, including the Android backdoors the attackers used, a keylogger named ONESIZE, and BLACKSTAR, a custom dropper for DarkComet.

While researching the malicious activity traced back to the threat group, FireEye found many references to Lebanon, it reported. These included a user in the country who uploaded test versions of the malware used in the campaign. Also, the hackers who used the social engineering ploys said in chats that they were from Lebanon.

The report also stated that social media pages suggest that the female avatars represent either refugees in the country or the Lebanese themselves.
