“DeathStalker” hackers are (likely) older and more prolific than we thought

Enlarge (credit: Getty Images)

In 2018, researchers from security firm Kaspersky Lab began tracking “DeathStalker,” their name for a hacker-for-hire group that was employing simple but effective malware to do espionage on law firms and companies in the financial industry. Now, the researchers have linked the group to two other pieces of malware including one that dates back to at least 2012.

DeathStalker came to Kaspersky’s attention for its use of malware that a fellow researcher dubbed “Powersing”. The malware got its name for a 900-line PowerShell script that attackers went to great lengths to obfuscate from antivirus software.

Attacks started with spear-phishing emails with attachments that appeared to be documents but—through a sleight of hand involving LNK files—were actually malicious scripts. To keep targets from getting suspicious, Powersing displayed a decoy document as soon as targets clicked on the attachment.

Read 9 remaining paragraphs | Comments

from Biz & IT – Ars Technica https://ift.tt/2YxWP7N