Kaspersky Finds A New Espionage Campaign Targeting Government Entities Around The World

JAKARTA - Kaspersky experts uncovered a new cyber espionage campaign previously unknown in February 2024, targeting a government entity in the Middle East.

This espionage campaign saw attackers secretly spy on targets and retrieve sensitive data using a set of advanced tools designed to monitor and last long.

"This malware variant demonstrates the adaptability and ability of threat actors behind this campaign," said Sergey Lozhkin, Kaspersky's top security researcher at GReAT (Global Research and Analysis Team).

Kaspersky mentioned that the initial dropper of the malware disguised itself as a faulty install file for a legal tool called the Total Commander. Inside this dropper, strings are embedded from Spanish poetry, with strings that differ from one sample to another.

This variation aims to change the signature of each sample, so that detection with traditional methodology becomes more difficult.

Embedded in the dropper is a malicious code designed to download additional payloads in the form of a backdoor called CR4T, which aims to provide attackers with access to the victim's engine.

"Currently, we have found two similar implants, but we strongly suspect additional implants," added Lozhkin further.

Kaspersky Telemetry identified victims in the Middle East in early February 2024. In addition, several similar malware uploads to the semi-public malware scanning service occurred at the end of 2023, with more than 30 shipments.

Other sources suspected of being VPN exit points are located in South Korea, Luxembourg, Japan, Canada, the Netherlands, and the United States.