In March 2024, Kaspersky researchers discovered a campaign targeting individuals in Russia with previously unseen Android spyware they dubbed LianSpy. Kaspersky analysis indicates that the malware has been active since July 2021.
This threat is equipped to capture screencasts, exfiltrate user files, and harvest call logs and app lists. The malicious actor behind LianSpy employs multiple evasive tactics, such as leveraging a Russian cloud service, Yandex Disk, for C2 communications. They also avoid having dedicated infrastructure, and employ a lot of other features to keep the spyware undiscovered. Some of these features suggest that LianSpy is most likely deployed through either an unknown vulnerability or direct physical access to the target phone.
Read more…
Source: Kaspersky
Related:
- Rare Backdoors Suspected to be Tied to Gelsemium APT Found in Targeted Attack in Southeast Asian Government
September 22, 2023
A cluster of threat actor activity that Unit 42 observed attacking a Southeast Asian government target could provide insight into a rarely seen, stealthy APT group known as Gelsemium. The researchers found this activity as part of an investigation into compromised environments within a Southeast Asian government. Unit 42 researchers identified the cluster as CL-STA-0046. This unique ...
- Backchannel Diplomacy: APT29’s Rapidly Evolving Diplomatic Phishing Operations
September 22, 2023
During the lead up to Ukraine’s counteroffensive, Mandiant and Google’s Threat Analysis Group (TAG) have tracked an increase in the frequency and scope of APT29 phishing operations. Investigations into the group’s recent activity have identified an intensification of operations centered on foreign embassies in Ukraine. Notably, as part of this activity, Mandiant have seen phishing emails ...
- China’s Ministry of State Security reveals US’ infiltration of Huawei traced back to 2009
September 20, 2023
The US’ infiltration of Huawei headquarters’ servers can be traced back to 2009, China’s Ministry of State Security (MSS) said in an article released on Wednesday. The Chinese ministry disclosed despicable methods of cyber espionage adopted by US intelligence agencies, which include establishing cyberattack arsenals, coercing technology companies to cooperate, and distorting the truth to ...
- China becomes main victim of advanced persistent threat attacks: Ministry of State Security
September 16, 2023
According to the Ministry of State Security on Saturday which is the 23rd National Defense Education Day, China has become the main victim of advanced persistent threat (APT) attacks, adding that cyberspace has become an important battleground for foreign intelligence agencies to conduct cyber espionage against China, Xinhua Daily Telegraph reported. The national security departments of ...
- Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets
September 14, 2023
Since February 2023, Microsoft has observed password spray activity against thousands of organizations carried out by an actor we track as (HOLMIUM). Peach Sandstorm is an Iranian nation-state threat actor who has recently pursued organizations in the satellite, defense, and pharmaceutical sectors around the globe. Based upon the profile of victim organizations targeted and the observed ...
- China: Identity of NSA hacker behind cyberattack on China’s leading aviation university identified
September 14, 2023
During the investigation of the cyberattack against Northwestern Polytechnical University (NPU), a leading Chinese aviation university, China has successfully extracted multiple samples of the spyware named SecondDate, and with the collaborative efforts of partners in various countries, the real identity of the US’ National Security Agency (NSA) personnel responsible for launching the cyberattack on NPU ...