In 2018, researchers from security firm Kaspersky Lab started monitoring “DeathStalker,” their name for a hacker-for-hire group that was using simple but effective malware to conduct espionage on law firms and companies in the financial industry. Now, the researchers have linked the group to two other pieces of malware, including one that dates back to at least 2012.
DeathStalker came to Kaspersky’s attention for its use of malware that a fellow researcher dubbed “Powersing”. The malware got its name from a 900-line PowerShell script that attackers went to great lengths to obfuscate from antivirus software.
Attacks started with spear-phishing emails with attachments that appeared to be documents but, through a sleight of hand involving LNK files, were actually malicious scripts. To keep targets from getting suspicious, Powersing displayed a decoy document as soon as targets clicked on the attachment.