An advanced persistent threat (APT) actor has been tracked in a new campaign deploying Android malware via the Syrian e-Government Web Portal, indicating an upgraded arsenal designed to compromise victims.
“To the best of our knowledge, this is the first time that the group has been publicly observed using malicious Android applications as part of its attacks,” Trend Micro researchers Zhengyu Dong, Fyodor Yarochkin, and Steven Du said in a technical write-up published Wednesday.
StrongPity, also codenamed Promethium by Microsoft, is believed to have been active since 2012 and has typically focused on targets across Turkey and Syria. In June 2020, the espionage threat actor was connected to a wave of activities that banked on watering hole attacks and tampered installers, which abuse the popularity of legitimate applications, to infect targets with malware.
“Promethium has been resilient over the years,” Cisco Talos disclosed last year. “Its campaigns have been exposed several times, but that was not enough to make the actors behind it to make them stop. The fact that the group does not refrain from launching new campaigns even after being exposed shows their resolve to…