A report released Tuesday details how a Middle East-based advanced persistent threat (APT) adversary is targeting Android users with new, stealthy spyware variants, particularly in the Palestinian territories.
The findings shed new light on a global influence campaign that went from pushing anti-NATO narratives to narrowly targeting opponents of Belarusian President Alexander Lukashenko at home and abroad over the past year and a half.
The campaign dates back to at least Sept. 17, when the group was observed scanning hundreds of organizations that had yet to install a Sept. 6 update to fix the flaw, including 350 Zoho servers in the U.S. alone. Five days later, they began setting up web shells and exploiting targets across multiple sectors through October.
Attackers are said to use a combination of an unknown RAT and Dropbox for command and control to conduct recon, move laterally, and exfiltrate data from global companies in the Middle East, Russia, Europe, and the United States.