An enigmatic cyberespionage collective, referred to as XDSpy, has been implicated in a recent malware campaign targeting entities in Russia and Moldova.
This month, the group, which is believed to have ties to a national government, launched a phishing campaign aimed at Russian organizations, including a company specializing in cash register software, and an entity in Transnistria, a region under Russian influence within Moldova.
A Russian cybersecurity firm, F.A.C.C.T., uncovered the deceptive emails, which contained a link to a seemingly benign executable file. That file was a trojan, allowing the attackers to run malicious code on the victim's machine without drawing attention.
The attackers used a new tool, dubbed XDSpy.DSDownloader by the researchers. It remains unclear whether they successfully compromised the targeted systems or exfiltrated any data.
Active since 2011, XDSpy is suspected to be a state-sponsored actor focusing its efforts on Eastern European and Balkan nations. The specific nation backing the group remains unidentified despite its extensive operational history.
F.A.C.C.T. reports that XDSpy’s preferred targets span various sectors in Russia, including military, financial, energy, research, and mining.
In recent operations, the group set its sights on a Russian metallurgical firm and a missile research institute in December, followed by a renowned research institute targeted with malicious PDFs in July.
While XDSpy's toolkit is not considered highly advanced, its operational security is notably robust. Cybersecurity experts have observed the group's dedication to disguising its malware in order to evade security controls. This meticulous approach suggests a reasonable success rate for its operations, despite ongoing monitoring by security professionals.
