After being exposed, the APT made minor adjustments in their tactics to stay off the security radar.
The APT group behind the sophisticated malware known as StrongPity (a.k.a. Promethium) has changed its tactics, after various research groups analyzed the malware and exposed its methods of deployment. The efforts have allowed the group to return to hidden status, even after being labeled a known quantity, according to researchers.
A fresh analysis reveals that the StrongPity group made only minor adjustments, requiring minimal effort and code changes – but that these have been enough to be effective in keeping their infrastructure out of the limelight. Now researchers say they have observed new domains and new IP addresses, plus filename changes and small encryption enhancements.