Malware infects foreign embassies in Iran

Posted date 11/02/2019

Kaspersky Lab has warned of several attempts to infect foreign embassies in Iran with a custom-built program that appears to combine an updated version of the Remexi backdoor with several legitimate tools.

The malware can execute commands remotely, take screenshots and collect browser data, including saved user credentials and browsing history. The collected data is exfiltrated through the legitimate Microsoft Background Intelligent Transfer Service (BITS), so the outbound transfers look like the ordinary BITS traffic that Windows Update and many installers generate.
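A practical consequence of the BITS abuse described above is that the transfers leave the same traces as legitimate BITS use: they appear in the BITS job list while active and in the Microsoft-Windows-Bits-Client/Operational event log afterwards. The following PowerShell triage script is an added example, not code from Kaspersky's report or from the malware, that surfaces BITS upload jobs and jobs talking to hosts outside an allowlist. It assumes it is run elevated (Get-BitsTransfer -AllUsers requires administrator rights), and the $AllowedHosts list is a hypothetical placeholder that must be adapted to the environment.

```powershell
# Added example: triage BITS usage on a Windows host for possible exfiltration.
# Not from the Kaspersky report. Run as administrator.
# $AllowedHosts is a hypothetical placeholder; tune it to the hosts your
# environment legitimately reaches over BITS.
$AllowedHosts = @('windowsupdate.com', 'microsoft.com', 'update.microsoft.com')

function Test-AllowedHost {
    param([string]$Url)
    try { $h = ([System.Uri]$Url).Host.ToLowerInvariant() } catch { return $false }
    foreach ($a in $AllowedHosts) {
        $a = $a.ToLowerInvariant()
        if ($h -eq $a -or $h.EndsWith(".$a")) { return $true }
    }
    return $false
}

# 1. Live BITS jobs for every user. Whether a job was created through the BITS API
#    or through bitsadmin.exe, it shows up here. Uploads are unusual in normal use:
#    Windows Update and most software only create Download jobs, so any Upload or
#    UploadReply job deserves a look, as does any job pointed at an unapproved host.
Get-BitsTransfer -AllUsers | ForEach-Object {
    $job = $_
    foreach ($f in $job.FileList) {
        $reasons = @()
        if ($job.TransferType -ne 'Download') { $reasons += "transfer-type:$($job.TransferType)" }
        if (-not (Test-AllowedHost $f.RemoteName)) { $reasons += 'unapproved-host' }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Source = 'LiveJob'
                Owner  = $job.OwnerAccount
                Name   = $job.DisplayName
                Remote = $f.RemoteName
                Local  = $f.LocalName
                State  = $job.JobState
                Reason = ($reasons -join ',')
            }
        }
    }
}

# 2. Historical jobs. Completed or cancelled jobs are gone from Get-BitsTransfer,
#    but the BITS client operational log keeps them. Event ID 59 is written when a
#    job starts transferring and its message contains the remote URL.
$since = (Get-Date).AddDays(-7)
Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Bits-Client/Operational'
        Id        = 59
        StartTime = $since
    } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $m = [regex]::Match($_.Message, 'https?://[^\s"'']+')
        if ($m.Success -and -not (Test-AllowedHost $m.Value)) {
            [pscustomobject]@{
                Source = 'EventLog'
                Time   = $_.TimeCreated
                Remote = $m.Value
                Reason = 'unapproved-host'
                Detail = $_.Message
            }
        }
    }
```

Expect noise on a first run: content delivery networks used by Windows Update, browsers and third-party updaters all create BITS jobs, so the allowlist needs tuning per environment. The signal that survives tuning is the combination that the article describes, an upload-type job or a job owned by an interactive user account that points at a host nobody has approved.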

Remexi was first detected in 2015 and has been used by the cyber-espionage group Chafer in surveillance operations targeting individuals and organizations in the Middle East.