In March 2024, Kaspersky researchers discovered a campaign targeting individuals in Russia with previously unseen Android spyware they dubbed LianSpy. Kaspersky analysis indicates that the malware has been active since July 2021.
This threat is equipped to capture screencasts, exfiltrate user files, and harvest call logs and app lists. The malicious actor behind LianSpy employs multiple evasive tactics, such as leveraging a Russian cloud service, Yandex Disk, for C2 communications. They also avoid having dedicated infrastructure, and employ a lot of other features to keep the spyware undiscovered. Some of these features suggest that LianSpy is most likely deployed through either an unknown vulnerability or direct physical access to the target phone.
Read more…
Source: Kaspersky
Related:
- Newly discovered cyberspy crew targets Asian governments and corporations
September 6, 2022
A cyberespionage group has targeted government agencies and big-name corporations throughout Asia since at least 2020, using the notorious ProxyShell vulnerabilities in Microsoft Exchange to gain initial access. According to ESET, the crew it has dubbed as Worok may be associated with TA428, a similar group thought to be backed by China, that has been around ...
- China-linked APT40 gang targets wind farms, Australian government
August 31, 2022
Researchers at security company Proofpoint and PricewaterhouseCoopers (PWC) said on Tuesday they had identified a cyber espionage campaign that delivers the ScanBox exploitation framework through a malicious fake Australian news site. The campaign, active from April to June of this year, targeted Australian government agencies, Australian media companies and manufacturers who conduct maintenance on wind turbine ...
- British judge rules dissident can sue Saudi Arabia for Pegasus hacking
August 19, 2022
A British judge has ruled that a case against the kingdom of Saudi Arabia brought by a dissident satirist who was targeted with spyware can proceed, a decision that has been hailed as precedent-setting and one that could allow other hacking victims in Britain to sue foreign governments who order such attacks. The case against Saudi ...
- Shuckworm: Russia-Linked Group Maintains Ukraine Focus
August 17, 2022
Recent Shuckworm activity observed by Symantec, a division of Broadcom Software, and aimed at Ukraine appears to be delivering information-stealing malware to targeted networks. This activity was ongoing as recently as August 8, 2022 and much of the activity observed in this campaign is consistent with activity that was highlighted by CERT-UA on July 26. The ...
- Disrupting SEABORGIUM’s ongoing phishing operations
August 15, 2022
The Microsoft Threat Intelligence Center (MSTIC) has observed and taken actions to disrupt campaigns launched by SEABORGIUM, an actor Microsoft has tracked since 2017. SEABORGIUM is a threat actor that originates from Russia, with objectives and victimology that align closely with Russian state interests. Its campaigns involve persistent phishing and credential theft campaigns leading to ...
- U.S. doubles reward for tips on North Korean-backed hackers
July 26, 2022
The U.S. State Department has increased rewards paid to anyone providing information on any North Korean-sponsored threat groups’ members to $10 million. “If you have information on any individuals associated with the North Korean government-linked malicious cyber groups (such as Andariel, APT38, Bluenoroff, Guardians of Peace, Kimsuky, or Lazarus Group) and who are involved in targeting ...