Lyceum APT Returns, This Time Targeting Tunisian Firms

[silversurfer]

Content source

https://threatpost.com/lyceum-apt-tunisian-firms/175579/

The Lyceum threat group has resurfaced, this time with a weird variant of a remote-access trojan (RAT) that doesn’t have a way to talk to a command-and-control (C2) server and might instead be a new way to proxy traffic between internal network clusters.

Kaspersky’s Mark Lechtik – senior security researcher at the company’s Global Research & Analysis Team (GReAT) – said in a Monday post that the team has identified a new cluster of Lyceum activity that’s focused on two entities in Tunisia.

In a paper (PDF) presented earlier this month at the Virus Bulletin conference, Lechtik and fellow Kaspersky researchers Aseel Kayal and Paul Rascagneres wrote that the threat actor has attacked high-profile Tunisian organizations, such as telecoms or aviation companies.

Lyceum APT Returns, This Time Targeting Tunisian Firms

The APT, which targets Middle Eastern energy firms & telecoms, has been relatively quiet since its exposure but not entirely silent. It's kept up attacks through 2021 and is working on retooling its arsenal yet again.

threatpost.com