In March 2024, Kaspersky researchers discovered a campaign targeting individuals in Russia with previously unseen Android spyware they dubbed LianSpy. Kaspersky analysis indicates that the malware has been active since July 2021.
This threat is equipped to capture screencasts, exfiltrate user files, and harvest call logs and app lists. The malicious actor behind LianSpy employs multiple evasive tactics, such as leveraging a Russian cloud service, Yandex Disk, for C2 communications. They also avoid having dedicated infrastructure, and employ a lot of other features to keep the spyware undiscovered. Some of these features suggest that LianSpy is most likely deployed through either an unknown vulnerability or direct physical access to the target phone.
Read more…
Source: Kaspersky
Related:
- White House: Here’s what we’ve learned from tackling the SolarWinds and Microsoft Exchange Server cyber incidents
April 21, 2021
Lessons learned from responses to the SolarWinds and Microsoft Exchange cyber incidents will be used to coordinate action against future cybersecurity and hacking incidents, the White House has said. Both incidents required the United States to react to cyberattacks by nation-state hacking operations affecting thousands of organisations across the country – Russian intelligence compromised SolarWinds in ...
- It was Russia wot did it: SolarWinds hack was done by Kremlin’s APT29 crew, say UK and US
April 15, 2021
Russia’s infamous APT 29, aka Cozy Bear, was behind the SolarWinds Orion attack, the US and UK governments said today as America slapped sanctions on Russian infosec companies as well as expelling diplomats from that country’s US embassy. One of the sanctioned companies is Positive Technologies, familiar in the West for, among other things, in-depth research ...
- Crossing the Line: When Cyberattacks Become Acts of War
April 7, 2021
The Cold War concept isn’t outdated. In the decades since the fall of the Soviet Union, the battleground has simply shifted from conflicts between ideological proxy governments to cyberspace. And the opponents have grown from a few primary nations into a broad range of sovereign threat actors. The question is, when does a cyberattack cross the ...
- APT Charming Kitten Pounces on Medical Researchers
March 31, 2021
Security researchers have linked a late-2020 phishing campaign aimed at stealing credentials from 25 senior professionals at medical research organizations in the United States and Israel to an advanced persistent threat group with links to Iran called Charming Kitten. The campaign—dubbed BadBlood because of its medical focus and the history of tensions between Iran and Israel–aimed ...
- APT10: sophisticated multi-layered loader Ecipekac discovered in A41APT campaign
March 30, 2021
In 2019, we observed an APT campaign targeting multiple industries, including the Japanese manufacturing industry and its overseas operations, that was designed to steal information. We named the campaign A41APT (not APT41) which is derived from the host name “DESKTOP-A41UVJV” from the attacker’s system used in the initial infection. The actor leveraged vulnerabilities in Pulse ...
- Department of Homeland Security email accounts exposed in SolarWinds hack
March 30, 2021
Email accounts belonging to US Department of Homeland Security (DHS) officials may have been compromised during the SolarWinds attack by Russian threat actors. The Associated Press reports that unauthorized intrusions occurred during the SolarWinds supply-chain attack. SolarWinds, the central point of entry, was compromised by threat actors in December who were able to plant a malicious Orion ...