Chafer - Science and Digital News
Cybersecurity Hardware and Software

Kaspersky Lab Says Chafer Cyberespionage Group Targets Embassies with Spyware

The Remexi backdoor is linked to a suspected Farsi-speaking cyberespionage group known as Chafer, previously associated with the....

KASPERSKY Lab researchers have detected multiple attempts to infect foreign diplomatic entities in Iran with homebrew spyware.

The attacks appear to be using an updated Remexi backdoor. Several legitimate tools were also used during the campaign. The Remexi backdoor is linked to a suspected Farsi-speaking cyberespionage group known as Chafer, previously associated with the cyber-surveillance of individuals in the Middle East. The targeting of embassies could suggest a new focus for the group.

The operation highlights how threat actors in emerging regions are mounting campaigns against targets of interest using relatively basic homebrew malware combined with publicly available tools. In this instance, the attackers used an improved version of the Remexi backdoor – a tool that enables remote administration of a victim’s machine.

Remexi was first detected in 2015, being used by a cyberespionage group named Chafer for a cyber-surveillance operation targeting individuals and a number of organizations across the Middle East. The act that the backdoor used in the new campaign has code similarities with known Remexi samples, combined with the target victim set means that Kaspersky Lab’s researchers have linked it to Chafer with medium confidence.

Cybersecurity Chafer - Science and Digital News
Image source: Courtesy of The Digital Artist on Pixabay.

The newly discovered Remexi malware is able to execute commands remotely and to seize screenshots, browser data including user credentials, login data and history, and any typed text, among other things. The stolen data is exfiltrated using the legitimate Microsoft Background Intelligent Transfer Service (BITS) application – a Windows component designed to enable background Windows updates. The trend towards combining malware with appropriated or legitimate code helps attackers both to save time and resources when creating malware and to make attribution more complicated.

“When we talk about likely state-sponsored cyberespionage campaigns, people often imagine advanced operations with complex tools developed by experts. However, the people behind this spyware campaign look more like system administrators than sophisticated threat actors: they know how to code, but their campaign relies more on the creative use of tools that exist already, than on new, advanced features or elaborate architecture of the code.

“However, even relatively simple tools can cause significant damage so we urge organizations to protect their valuable information and systems against all level of threats, and to use threat intelligence to understand how the landscape is evolving,” said Denis Legezo, security researcher at Kaspersky Lab.Kaspersky Lab - Science and Digital News
To protect yourself from targeted spyware:

  • Use a proven, corporate grade security solution with anti-targeted attack capabilities and threat intelligence, such as Kaspersky Threat Management and Defense solution. It is capable of spotting and catching advanced targeted attacks by analyzing network anomalies and giving cybersecurity teams full visibility over the network and response automation.
  • Introduce security awareness initiatives enabling employees to master the skill of identifying suspicious messages. Email is common entry point for a targeted attack, and Kaspersky Lab customers would benefit from Kaspersky Security Awareness Training.
  • Provide your security team with access to up to date threat intelligence data, to keep pace with the latest tactics and tools used by cybercriminals, and enhance security controls already in use. (Kaspersky Lab)

Hello, Cyber World! A journalist's passion for news, which for me is every and any kind of news, but specially on Science, Technology, Innovation, Digital, and Current News, or just about anything under Heaven, birthed this news platform. Disclosure: I am not a scientist nor an expert on anything Science, and not a techie either; just some journalist who loves and care to bring the good news and share them to everyone out there. It is a big, big physical world out there, but the Industrial Revolution 4.0, the Internet in the Digital Age, has shrunk Earth into one small virtual community. Each human being a "neighbor" to everyone in the Philippines and in any point of the compass. Whatever you may see or think could be my and this site's shortcoming, my apologies. So, there, please join me in my journey in cyberspace! Be home, be safe, be mindful of your neighbors, of the Creator! Thanks so much.

0 comments on “Kaspersky Lab Says Chafer Cyberespionage Group Targets Embassies with Spyware

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: