Article 579XX “DeathStalker” hackers are (likely) older and more prolific than we thought

by Dan Goodin from Ars Technica - All content on (#579XX)

In 2018, researchers from security firm Kaspersky Lab began tracking “DeathStalker,” their name for a hacker-for-hire group that was employing simple but effective malware to conduct espionage on law firms and companies in the financial industry. Now, the researchers have linked the group to two other pieces of malware, including one that dates back to at least 2012.

DeathStalker came to Kaspersky's attention for its use of malware that a fellow researcher dubbed “Powersing.” The malware got its name from a 900-line PowerShell script that attackers went to great lengths to obfuscate from antivirus software.

Attacks started with spear-phishing emails with attachments that appeared to be documents but, through a sleight of hand involving LNK files, were actually malicious scripts. To keep targets from getting suspicious, Powersing displayed a decoy document as soon as targets clicked on the attachment.

External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/