Tuesday, 3 February 2015

Skype Malware Steals Syrian Opposition Battle Plans

The Syrian opposition has become the target of attackers who used malware sent via Skype to steal nearly 8GB of confidential documents, including battle plans, troop locations, names of fighters and lists of deceased soldiers, as well as all sorts of other data. The attackers are said to have stolen logs of more than 31,000 Skype calls and also obtained the Skype databases. These databases contain the victim's contacts and call details. In this way, the attackers obtained a comprehensive picture of the relationships within the opposition.

To obtain the information, the attackers created several Skype accounts with female profile pictures. The profiles were then used against male members of the Syrian opposition. First, a relationship was built with the targets before malware was sent to them via Skype. In addition, the attackers regularly asked whether the targets were using Skype on their phone or computer, probably to determine which malware needed to be used.

Before the malware was sent, the attackers first asked the target for a photo. They then sent back what was supposedly a picture of the "woman" behind the profile. It was a self-extracting RAR archive with a .pif file extension. When the victim opened the so-called photo, a picture was displayed while the Dark Comet Remote Access Tool (RAT) was installed in the background. Through this malware, the attackers had full control over the computer.
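A defensive check for the lure described above, as an added example that is not from FireEye or the original post: it flags a received file whose content is a Windows executable carrying a RAR archive (the layout of a self-extracting RAR) and whose extension, such as .pif, Windows runs as a program. The function names, the extension watch list and the sample bytes are assumptions constructed for illustration.

```python
import struct
from pathlib import PurePath

RAR_MAGIC = b"Rar!\x1a\x07"  # prefix shared by RAR 4.x and 5.x signatures
# Assumed watch list: extensions that Windows launches as programs.
RUNNABLE_EXTS = {".pif", ".scr", ".exe", ".com"}

def is_pe(data: bytes) -> bool:
    """True if data starts with a DOS header that points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew field
    return data[pe_off:pe_off + 4] == b"PE\x00\x00"

def inspect_received_file(name: str, data: bytes) -> dict:
    """Classify a received file by content first, then by extension."""
    ext = PurePath(name).suffix.lower()
    pe = is_pe(data)
    # In a self-extracting archive the RAR data follows the executable stub.
    rar_at = data.find(RAR_MAGIC, 2) if pe else -1
    if pe and rar_at > 0 and ext in RUNNABLE_EXTS:
        verdict = "block: self-extracting RAR sent as " + ext
    elif pe:
        verdict = "block: executable content"
    else:
        verdict = "allow"
    return {"extension": ext, "pe_content": pe,
            "embedded_rar_offset": rar_at, "verdict": verdict}

def constructed_sfx_sample() -> bytes:
    """Constructed bytes: minimal PE-style header followed by a RAR marker."""
    dos = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)
    return dos + b"PE\x00\x00" + b"\x00" * 60 + RAR_MAGIC + b"\x00constructed"

def constructed_jpeg_sample() -> bytes:
    """Constructed bytes: JPEG start-of-image marker plus padding."""
    return b"\xff\xd8\xff\xe0" + b"\x00" * 64

if __name__ == "__main__":
    for fname, blob in [("photo.pif", constructed_sfx_sample()),
                        ("photo.jpg", constructed_jpeg_sample())]:
        print(fname, inspect_received_file(fname, blob))
```

Checking content before extension means a renamed copy of the same file is still blocked as executable content.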

According to security firm FireEye, which discovered the attack campaign, the attackers used the stolen Skype databases to select their next victims. In addition, many opposition members are said to have been forced to share computers. Once a computer was infected, the attackers could steal the data of several people. "This information probably fulfilled an important role in the operational plans and tactical decisions of the enemy, but was possibly at the expense of human lives," said FireEye.
