Kaspersky Lab researchers have detected multiple attempts to infect foreign diplomatic entities in Iran with homebrew spyware. The attacks appear to be using an updated Remexi backdoor. Several legitimate tools were also used during the campaign. The Remexi backdoor is linked to a suspected Farsi-speaking cyberespionage group known as Chafer, previously associated with the cyber-surveillance of individuals in the Middle East. The targeting of embassies could suggest a new focus for the group.

 

The operation highlights how threat actors in emerging regions are mounting campaigns against targets of interest using relatively basic, homebrew malware combined with publicly available tools. In this instance, the attackers used an improved version of the Remexi backdoor – a tool that enables remote administration of a victim’s machine.

 

Remexi was first detected in 2015, when it was being used by a cyberespionage group named Chafer for a cyber-surveillance operation targeting individuals and a number of organizations across the Middle East. The fact that the backdoor used in the new campaign has code similarities with known Remexi samples, combined with the target victim set, means that Kaspersky Lab’s researchers have linked it to Chafer with medium confidence.

 

The newly discovered Remexi malware is able to execute commands remotely and to seize screenshots, browser data including user credentials, login data and history, and any typed text, among other things. The stolen data is exfiltrated using the legitimate Microsoft Background Intelligent Transfer Service (BITS) application – a Windows component designed to enable background Windows updates. The trend towards combining malware with appropriated or legitimate code helps attackers both to save time and resources when creating malware and to make attribution more complicated.

 

“When we talk about likely state-sponsored cyberespionage campaigns, people often imagine advanced operations with complex tools developed by experts. However, the people behind this spyware campaign look more like system administrators than sophisticated threat actors: they know how to code, but their campaign relies more on the creative use of tools that exist already, than on new, advanced features or elaborate architecture of the code.

“However, even relatively simple tools can cause significant damage, so we urge organizations to protect their valuable information and systems against all levels of threats, and to use threat intelligence to understand how the landscape is evolving,” said Denis Legezo, Security Researcher at Kaspersky Lab.

 

Kaspersky Lab products detect the updated Remexi malware as Trojan.Win32.Remexi and Trojan.Win32.Agent.

 

For more information on Kaspersky Lab’s threat intelligence services please contact: intelreports@kaspersky.com

 

To protect yourself from targeted spyware:

 

  • Use a proven, corporate-grade security solution with anti-targeted attack capabilities and threat intelligence, such as the Kaspersky Threat Management and Defense solution. It is capable of spotting and catching advanced targeted attacks by analyzing network anomalies and giving cybersecurity teams full visibility over the network and response automation.

  • Provide your security team with access to up-to-date threat intelligence data, to keep pace with the latest tactics and tools used by cybercriminals, and enhance security controls already in use.

Read the full version of the report on Securelist.com.

 

