In March 2024, Kaspersky researchers discovered a campaign targeting individuals in Russia with previously unseen Android spyware they dubbed LianSpy. Kaspersky analysis indicates that the malware has been active since July 2021.
This threat is equipped to capture screencasts, exfiltrate user files, and harvest call logs and app lists. The malicious actor behind LianSpy employs multiple evasive tactics, such as leveraging a Russian cloud service, Yandex Disk, for C2 communications. They also avoid having dedicated infrastructure, and employ a lot of other features to keep the spyware undiscovered. Some of these features suggest that LianSpy is most likely deployed through either an unknown vulnerability or direct physical access to the target phone.
Read more…
Source: Kaspersky
Related:
- Iran-linked Cobalt Mirage extracts money, info from US orgs – report
May 13, 2022
The Iran-linked Cobalt Mirage crew is running attacks against America for both financial gain and for cyber-espionage purposes, according to Secureworks’ threat intelligence team. The cybercriminal gang has been around since June 2020, and its most recent activities have been put into two categories. One, using ransomware to extort money, as illustrated by a strike in ...
- APT34 hackers exposed in a highly targeted espionage campaign
May 12, 2022
Threat analysts have spotted a novel attack attributed to the Iranian hacking group known as APT34 group or Oilrig, who targeted a Jordanian diplomat with custom-crafted tools. The attack involved advanced anti-detection and anti-analysis techniques and had some characteristics that indicate lengthy and careful preparation. Security researchers at Fortinet have gathered evidence and artifacts from the attack ...
- Spain fires intelligence chief amid phone hacking scandals
May 10, 2022
Spain’s government fired the director of the country’s top intelligence agency Tuesday following the hacking of politicians’ cellphones, including the devices of the prime minister and several supporters of the Catalonia region’s secession. The National Intelligence Center, or CNI, has been under fire for its role in spying on Catalan separatists and for taking a full ...
- Operation CuckooBees: Deep-Dive into Stealthy Winnti Techniques
May 4, 2022
In 2021, the Cybereason Nocturnus Incident Response Team investigated multiple intrusions targeting technology and manufacturing companies located in Asia, Europe and North America. Based on the findings of our investigation, it appears that the goal behind these intrusions was to steal sensitive intellectual property for cyber espionage purposes. Cybereason assesses with moderate-high confidence that the threat ...
- Chinese cyber-espionage group Moshen Dragon targets Asian telcos
May 2, 2022
Researchers have identified a new cluster of malicious cyber activity tracked as Moshen Dragon, targeting telecommunication service providers in Central Asia. While this new threat group has some overlaps with “RedFoxtrot” and “Nomad Panda,” including the use of ShadowPad and PlugX malware variants, there are enough differences in their activity to follow them separately. According to a ...
- Spanish PM, defense minister latest Pegasus spyware victims
May 2, 2022
Spain’s prime minister and defense minister are the latest elected officials to detect Pegasus spyware on their mobile phones, according to multiple media reports quoting Spanish authorities. During a press conference on Monday, Félix Bolaños, the minister for the presidency, told reporters that cellphones of Spanish prime minister Pedro Sánchez and defense minister Margarita Robles were ...