Kaspersky Lab researchers have detected multiple attempts to infect foreign diplomatic entities in Iran with homebrew spyware. The attacks appear to be using an updated Remexi backdoor. Several legitimate tools were also used during the campaign. The Remexi backdoor is linked to a suspected Farsi-speaking cyberespionage group known as Chafer, previously associated with the cyber-surveillance of individuals in the Middle East. The targeting of embassies could suggest a new focus for the group.

 

The operation highlights how threat actors in emerging regions are mounting campaigns against targets of interest using relatively basic, homebrew malware combined with publicly available tools. In this instance, the attackers used an improved version of the Remexi backdoor, a tool that enables remote administration of a victim's machine.

 

Remexi was first detected in 2015, when it was used by a cyberespionage group named Chafer in a cyber-surveillance operation targeting individuals and a number of organizations across the Middle East. The fact that the backdoor used in the new campaign shares code with known Remexi samples, combined with the target victim set, has led Kaspersky Lab's researchers to link it to Chafer with medium confidence.

 

The newly discovered Remexi variant can execute commands remotely and capture screenshots, browser data (including stored user credentials, login data and history) and any typed text, among other things. The stolen data is exfiltrated through the legitimate Microsoft Background Intelligent Transfer Service (BITS), a built-in Windows service for asynchronous, throttled file transfers that Windows Update itself relies on, so BITS activity is present on practically every Windows host. The trend towards combining malware with appropriated or legitimate code helps attackers both to save time and resources when creating malware and to make attribution more complicated.
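Because BITS is a legitimate, always-present service, the practical check for the exfiltration technique described above is to enumerate the BITS jobs on a host and ask which ones a normal workstation would not have. The following PowerShell hunting snippet is an added example, not code from Kaspersky Lab's report or from Remexi itself; it uses only the built-in BitsTransfer module and the BITS-Client operational event log. The allow-list of update hosts and the "user AppData" heuristic are assumptions to be tuned for your environment, and nothing here claims to match the specific job names or servers Remexi used.

```powershell
# Added hunting example (not from the Kaspersky report). Run from an elevated
# PowerShell session: Get-BitsTransfer -AllUsers needs administrator rights.
Import-Module BitsTransfer

# ASSUMPTION: hosts that legitimate BITS jobs on this fleet talk to. Extend it
# with your own WSUS/SCCM/CDN endpoints before trusting the "not in allow-list" flag.
$allowedHosts = @('windowsupdate.com', 'update.microsoft.com', 'delivery.mp.microsoft.com')

function Test-AllowedRemote {
    param([string]$RemoteName)
    try { $h = ([uri]$RemoteName).Host } catch { return $false }
    if ([string]::IsNullOrEmpty($h)) { return $false }
    foreach ($a in $allowedHosts) {
        if ($h -eq $a -or $h.EndsWith(".$a")) { return $true }
    }
    return $false
}

# Walk every live BITS job for every user and emit one row per suspicious file.
$suspicious = foreach ($job in Get-BitsTransfer -AllUsers) {
    foreach ($file in $job.FileList) {
        $reasons = @()
        # BITS is normally used to pull files down; a job in the upload
        # direction is the direction data theft needs.
        if ($job.TransferType -ne 'Download') { $reasons += 'upload-type job' }
        if (-not (Test-AllowedRemote $file.RemoteName)) { $reasons += 'remote host not in allow-list' }
        # Heuristic (assumption): user-profile scratch paths are where a
        # user-level implant stages its output, not where updates land.
        if ($file.LocalName -match '\\Users\\[^\\]+\\AppData\\') { $reasons += 'local path under user AppData' }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                JobId        = $job.JobId
                Owner        = $job.OwnerAccount
                DisplayName  = $job.DisplayName
                TransferType = $job.TransferType
                State        = $job.JobState
                LocalName    = $file.LocalName
                RemoteName   = $file.RemoteName
                Reason       = ($reasons -join '; ')
            }
        }
    }
}
$suspicious | Format-Table -AutoSize

# Jobs that already completed or were cancelled no longer appear in
# Get-BitsTransfer. The BITS-Client operational log keeps their history:
# event ID 59 = job started, 60 = job stopped (the message carries the job
# name and the remote URL), so the same allow-list can be applied to the past.
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Bits-Client/Operational'; Id = 59, 60 } `
             -MaxEvents 200 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, @{ n = 'Message'; e = { $_.Message -replace '\s+', ' ' } } |
    Format-Table -Wrap
```

Run it with the allow-list adjusted to your patch infrastructure; a download job from an unknown host is common enough (browsers and third-party updaters use BITS too) that the upload-direction and AppData flags are the ones worth triaging first. Note that bitsadmin.exe or the BITS COM API can create the same jobs, so the event log, not the command line, is the durable source.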

 

“When we talk about likely state-sponsored cyberespionage campaigns, people often imagine advanced operations with complex tools developed by experts. However, the people behind this spyware campaign look more like system administrators than sophisticated threat actors: they know how to code, but their campaign relies more on the creative use of tools that exist already than on new, advanced features or elaborate architecture of the code.

“However, even relatively simple tools can cause significant damage, so we urge organizations to protect their valuable information and systems against all levels of threats, and to use threat intelligence to understand how the landscape is evolving,” said Denis Legezo, Security Researcher at Kaspersky Lab.

 

Kaspersky Lab products detect the updated Remexi malware as Trojan.Win32.Remexi and Trojan.Win32.Agent.

 

For more information on Kaspersky Lab’s threat intelligence services please contact: intelreports@kaspersky.com

 

To protect yourself from targeted spyware:

 

  • Use a proven, corporate-grade security solution with anti-targeted-attack capabilities and threat intelligence, such as the Kaspersky Threat Management and Defense solution. It is capable of spotting and catching advanced targeted attacks by analyzing network anomalies, giving cybersecurity teams full visibility over the network and automating response.

  • Provide your security team with access to up-to-date threat intelligence data, to keep pace with the latest tactics and tools used by cybercriminals and to enhance the security controls already in use.

 

 

Read the full version of the report on Securelist.com.

 

