Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Espionage Campaign Sets Sites on Turkish Defense Contractors
#1
Tara Seals US/North America News Reporter, Infosecurity Magazine

Quote:An unknown actor purporting to be from the tax collection arm of the Turkish government has been carrying out spear-phishing campaigns against Turkish defense contractors.

According to RiskIQ, the perpetrators have been targeting multiple people inside a given organization since November 2017 with weaponized documents that download a remote access Trojan (RAT) named Remcos. Remcos can log keystrokes, take screenshots, record audio and video from a webcam or microphone, install and uninstall programs, and manage files. Interestingly, it also has SOCKS5 proxy capabilities: An operator can turn the victims of the crime into proxies for its own network, hiding the real C2 server.

“Regions of the world in geopolitical turmoil, like Turkey, are prime targets for cyber-espionage campaigns,” said RiskIQ researcher Yonathan Klijnsma in a blog. “The group used tactics that have become extremely useful for cyber-spies – spear-phishing emails that social engineer the victim to download an attached or embedded file and then enable macros.”

The email supposedly comes from the Turkish government entity responsible for taxes. The email states that there is a possible tax exemption in place for the receiver if they fill out the attached documents. Although the sender domain, gerlirler.gov.tr, is valid, the actual email Sender Policy Framework (SPF) verification failed in analysis.

“We would also like to point out that this campaign wasn’t run on its own — far before this campaign, the actors used these domains in other attacks,” Klijnsma said. “Pivoting through the related IP addresses can give some additional insights into the vast infrastructure of this attacker, which seems to be relying on using its victims as the SOCKS5 tunnels’ proxies.” 

the full article is here :https://www.infosecurity-magazine.com/ne...n-turkish/
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Sandbox evasion malware used for cyber espionage, new study shows Bjyda 2 1,540 03-09-2021 , 04:04 AM
Last Post: mrtrout
  Lazarus Group Hits COVID-19 Vaccine-Maker in Espionage Attack mrtrout 0 1,152 12-24-2020 , 06:49 AM
Last Post: mrtrout
  Infected WordPress Sites Are Attacking Other WordPress Sites Mohammad.Poorya 0 1,786 12-08-2018 , 06:00 PM
Last Post: Mohammad.Poorya
  Cyber-espionage group uses Chrome extension to infect victims Mohammad.Poorya 0 2,314 12-05-2018 , 07:40 PM
Last Post: Mohammad.Poorya
  Apple sets up China datacentre to meet new cybersecurity rules LowcyGier 0 2,097 07-14-2017 , 04:56 PM
Last Post: LowcyGier



Users browsing this thread: 2 Guest(s)