Cybersecurity researchers today uncovered new details of watering hole attacks against the Kurdish community in Syria and Turkey for surveillance and intelligence exfiltration purposes.
The advanced persistent threat behind the operation, called StrongPity, has retooled with new tactics to control compromised machines, cybersecurity firm Bitdefender said in a report shared with The Hacker News.
“Using watering hole tactics to selectively infect victims and deploying a three-tier C&C infrastructure to thwart forensic investigations, the APT group leveraged Trojanized popular tools, such as archivers, file recovery applications, remote connections applications, utilities, and even security software, to cover a wide range of options that targeted victims might be seeking,” the researchers said.
With the timestamps of the analyzed malware samples used in the campaign coinciding with the Turkish offensive into north-eastern Syria (codenamed Operation Peace Spring) last October, Bitdefender said the attacks could have been politically motivated.
Using Tainted Installers to Drop Malware
StrongPity (or Promethium) was first publicly reported on in October 2016 after attacks against…