A detailed analysis of the APT group DeathStalker has been published today by Kaspersky, highlighting the scale of its operations throughout the world, from Europe to Latin America.
The hacker-for-hire organization is known to have been active since at least 2012, primarily focusing on small and medium firms in the financial sector through commercial cyber-espionage campaigns.
Kaspersky said the research demonstrates that small and medium sized companies, as well as larger businesses and government organizations, must be prepared to deal with the threats posed by APT actors such as DeathStalker.
Through tracking the group from 2018, Kaspersky has been able to link its activities to the three malware families Powersing, Evilnum and Janicub, with “medium confidence.”
DeathStalker’s main method of attack is to deliver archives containing malicious files through tailored spear-phishing emails. A malicious script is executed and further components are downloaded from the internet when a user clicks the shortcut, which gives the attackers control of the victim’s machine.
securelist.com
