In March 2024, Kaspersky researchers discovered a campaign targeting individuals in Russia with previously unseen Android spyware they dubbed LianSpy. Kaspersky analysis indicates that the malware has been active since July 2021.
This threat is equipped to capture screencasts, exfiltrate user files, and harvest call logs and app lists. The malicious actor behind LianSpy employs multiple evasive tactics, such as leveraging a Russian cloud service, Yandex Disk, for C2 communications. They also avoid having dedicated infrastructure, and employ a lot of other features to keep the spyware undiscovered. Some of these features suggest that LianSpy is most likely deployed through either an unknown vulnerability or direct physical access to the target phone.
Read more…
Source: Kaspersky
Related:
- New industrial espionage campaign leverages AutoCAD-based malware
November 28, 2018
Security researchers have spotted a somewhat unique malware distribution campaign that targets companies using AutoCAD-based malware. Discovered by cyber-security firm Forcepoint, which shared its findings with ZDNet yesterday, the campaign appears to have been active since 2014, based on telemetry data the company has analyzed. Forcepoint says the group behind this recent campaign is most likely very sophisticated ...
- Pegasus Spyware Targets Investigative Journalists in Mexico
November 27, 2018
Colleagues of slain Javier Valdez Cárdenas, known for investigating drug cartels, were targeted just days after his death. The notorious state actor mobile spyware known as Pegasus has resurfaced, targeting the colleagues of a slain Mexican journalist who lived – and died – investigating drug cartels. Journalist Javier Valdez Cárdenas, founder of Río Doce, a Mexican newspaper ...
- Threat Actor Uses DNS Redirects, DNSpionage RAT to Attack Government Targets
November 27, 2018
Cisco Talos discovered a new malware campaign targeting a commercial Lebanese airline company, as well as United Arab Emirates (UAE) and Lebanon government domains. According to Cisco Talos’ findings, the recently observed campaign could not be connected to other threat actors or attacks based on the used infrastructure and its Tactics, Techniques, and Procedures (TTP). The actor ...
- 500K Italian Public Administration Email Accounts Compromised By Targeted Attack
November 21, 2018
500,000 certified Italian public administration emails were compromised by hackers who specifically targeted the Italian Comitato Interministeriale per la Sicurezza della Repubblica (CISR) as reported by Difesa e Sicurezza. Although CISR was the primary target, the hackers also compromised certified emails related to other Italian public administration agencies according to Roberto Baldoni, the Deputy Director of the ...
- APT29 Re-Emerges After 2 Years with Widespread Espionage Campaign
November 20, 2018
The group is best-known for hacking the DNC ahead of the 2016 presidential election. A phishing campaign bent on espionage, believed to be launched by the nation-state threat group known as APT29, is targeting high-value targets across the think-tank, law enforcement, media, U.S. military, imagery, transportation, pharmaceutical, national government and defense contracting sectors. It’s the first large-scale ...
- The White Company: Inside the Operation Shaheen Espionage Campaign
November 12, 2018
In a new collection of extensive research reports, the Cylance Threat Intelligence Team profiles a new, likely state-sponsored threat actor called The White Company – in acknowledgement of the many elaborate measures they take to whitewash all signs of their activity and evade attribution. The report details one of the group’s recent campaigns, a year-long espionage ...