
Religious Minority Persecuted in Iran Targeted With Sophisticated Android Spyware

Kaspersky is warning of a previously unknown espionage campaign targeting the Persian-speaking religious minority Bahaʼi with Android spyware.

As part of the campaign, victims were lured to a VPN application claiming to provide access to Bahaʼi religious resources that are banned in Iran.


The application contains highly sophisticated spyware designed to collect all types of data from devices, including call logs and contact lists, and to track victims’ activities. The malware, named SandStrike, also supports commands that allow the attackers to perform various operations on the device.

The threat actor behind SandStrike created Facebook and Instagram accounts with over 1,000 followers and lured victims using religious-themed materials containing a link to a Telegram channel controlled by the attackers.

The adversary used this channel to distribute the nefarious VPN application claiming it would allow users to access banned sites. The attackers set up their own VPN infrastructure to increase the legitimacy of the claims.

Kaspersky’s description of the attacks involving the SandStrike spyware comes just weeks after reports that Iran has intensified its persecution of the Bahaʼi religious minority.

The SandStrike campaign, however, was only one of several threat activities Kaspersky observed in the Middle East during the third quarter of the year.

The security firm analyzed the sophisticated malware platform Metatron, observed the SilentBreak threat group using a new C++ backdoor, SoleExecutor, and documented the activities of DeftTorero (aka Lebanese Cedar, Volatile Cedar).


Detailed in September, Metatron targets telecommunications companies, ISPs, and universities in the Middle East and Africa. The adversary bypasses native security solutions and executes its malware directly in memory.

In its analysis of the advanced persistent threat (APT) actors’ activity for the third quarter of 2022, Kaspersky also mentions the operations of Russian, Chinese, and North Korean threat actors, pointing out that cyberespionage remains the main goal of the observed APT campaigns.

“APT actors are now strenuously used to create attack tools and improve old ones to launch new malicious campaigns. In their attacks, they use cunning and unexpected methods: SandStrike, attacking users via VPN service, where victims tried to find protection and security, is an excellent example,” said Kaspersky lead security researcher Victor Chebyshev.

Related: Iranian Hackers Target Enterprise Android Users With New RatMilad Spyware

Related: Sophisticated Android Spyware ‘Hermit’ Used by Governments

Related: New Android Spyware Uses Turla-Linked Infrastructure

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
