Kaspersky Lab researchers have detected multiple attempts to infect foreign diplomatic entities in Iran with homebrew spyware. The attacks appear to be using an updated Remexi backdoor. Several legitimate tools were also used during the campaign. The Remexi backdoor is linked to a suspected Farsi-speaking cyberespionage group known as Chafer, previously associated with the cyber-surveillance of individuals in the Middle East. The targeting of embassies could suggest a new focus for the group.

 

The operation highlights how threat actors in emerging regions are mounting campaigns against targets of interest using relatively basic, homebrew malware combined with publicly available tools. In this instance, the attackers used an improved version of the Remexi backdoor – a tool that enables remote administration of a victim’s machine.

 

Remexi was first detected in 2015, being used by a cyberespionage group named Chafer for a cyber-surveillance operation targeting individuals and a number of organizations across the Middle East. The fact that the backdoor used in the new campaign has code similarities with known Remexi samples, combined with the target victim set, means that Kaspersky Lab’s researchers have linked it to Chafer with medium confidence.

 

The newly discovered Remexi malware is able to execute commands remotely and to capture screenshots, browser data including user credentials, login data and history, and any typed text, among other things. The stolen data is exfiltrated using the legitimate Microsoft Background Intelligent Transfer Service (BITS) application – a Windows component designed to enable background Windows updates. The trend towards combining malware with appropriated or legitimate code helps attackers both to save time and resources when creating malware and to make attribution more complicated.

 

“When we talk about likely state-sponsored cyberespionage campaigns, people often imagine advanced operations with complex tools developed by experts. However, the people behind this spyware campaign look more like system administrators than sophisticated threat actors: they know how to code, but their campaign relies more on the creative use of tools that exist already, than on new, advanced features or elaborate architecture of the code.

“However, even relatively simple tools can cause significant damage so we urge organizations to protect their valuable information and systems against all levels of threats, and to use threat intelligence to understand how the landscape is evolving,” – said Denis Legezo, Security Researcher at Kaspersky Lab.

 

Kaspersky Lab products detect the updated Remexi malware as Trojan.Win32.Remexi and Trojan.Win32.Agent.

 

For more information on Kaspersky Lab’s threat intelligence services please contact: intelreports@kaspersky.com

 

To protect yourself from targeted spyware:

 

  • Use a proven, corporate-grade security solution with anti-targeted attack capabilities and threat intelligence, such as Kaspersky Threat Management and Defense solution. It is capable of spotting and catching advanced targeted attacks by analyzing network anomalies and giving cybersecurity teams full visibility over the network and response automation.

 

 

  • Provide your security team with access to up-to-date threat intelligence data, to keep pace with the latest tactics and tools used by cybercriminals, and enhance security controls already in use.

 

 

Read the full version of the report on Securelist.com.

 

