PUNE: FireEye recently released “Behind the Syrian Conflict’s Digital Front Lines,” a report from the FireEye Threat Intelligence team detailing the activities of a cyber-espionage group that stole Syrian opposition’s strategies and battle plans.
To undertake this operation, the threat group employed a familiar tactic: ensnaring its victims through conversations with seemingly sympathetic and attractive women. As the conversations progressed, the “women” would offer up a personal photo, laden with malware and developed to infiltrate the target’s computer or Android phone.
“In the course of our threat research, we found the activity focused on the Syrian opposition that shows another innovative way threat groups have found to gain the advantage they seek,” said Nart Villeneuve, senior threat intelligence researcher at FireEye. “While we cannot positively identify who is behind these attacks, we know that they used social media to infiltrate victims’ machines and steal military information.”
Between at least November 2013 and January 2014, the group stole a cache of critical documents and Skype conversations revealing the Syrian opposition’s strategy, tactical battle plans, supply needs, and troves of personal information and chat sessions.
During analysis by FireEye Threat Intelligence, a unique tactic of the threat group was uncovered. Over the course of a Skype conversation the attacker would ask the victim what type of device he was using to chat. By determining whether it was an Android phone or a computer, the hackers would then send appropriately tailored malware.