Cybersecurity Researchers Find VPNs Contain Hazardous Spyware Target Minority Religions In This Region

An illustration Kaspersky discovered an Android espionage campaign dubbed SandStrike. (photo: Kaspersky)

JAKARTA - In the third quarter of 2022, Kaspersky researchers discovered an Android espionage campaign dubbed SandStrice. The threat actor targeted a minority of ethnic languages, Bah

Kaspersky said that to lure victims to download spyware implants, threat actors created Facebook and Instagram accounts with more than 1,000 followers and designed interesting religious-themed graphical materials and set effective traps for adherents of this belief.

"In the attack, they used intelligent and unexpected methods: SandStrice, attacking users through VPN services, where it is used as protection and security, is an excellent example," said Victor Chebyshev, lead security researcher at GREAT (Global Research & Analysis Team) Kaspersky in a statement received in Jakarta.

In this channel then, the actor behind SandStrike distributes VPN applications built with its own infrastructure, which are made in such a way as to appear harmless to access banned sites in certain areas, for example, religious-related materials.

Then, the VPN containing spyware allows perpetrators to collect and steal sensitive data, including call logs, contact lists, and also track further activity of targeted individuals.

Throughout the third quarter of 2022, APT actors continued to change tactics, hone their devices and develop their new techniques. The most significant findings include:

New advanced malware platforms targeting telecommunications, ISP, and universities

Kaspersky researchers analyzed an unprecedented platform of advanced malware dubbed

Improved sophisticated tools with extraordinary capabilities

Kaspersky experts observed Lazarus using the DeathNote cluster targeting victims in South Korea. Perpetrators likely used a strategic web compromise, using an infection chain similar to what Kaspersky researchers previously reported, namely attacking endpoint security programs. However, experts have found that malware and infection schemes have also been updated.

The actor uses malware that has never been seen before, with minimal functionality to carry out orders from the C2 server. Using this implanted backdoor, the operator hides in the victim's environment for a month and collects system information.

The virtual world's espionage continues to be the main goal of APT's campaign

In the third quarter of 2022, Kaspersky researchers detected many APT campaigns, whose main targets were government agencies. Kaspersky's recent investigation shows that this year, from February onwards, HotCousin has been trying to target foreign ministries in Europe, Asia, Africa and South America.