Kaspersky Reveals Advanced Espionage Campaign Targeting Governments and Companies in the Middle East and Africa
Kaspersky announced the discovery of an advanced espionage campaign targeting government entities, prominent companies in the Middle East and Africa, as well as specific individuals. The campaign is led by the advanced threat group known as “SideWinder,” which utilizes a new and previously unknown spy tool called “StellerBot.”
How does this tool work, and what are the protection methods against its penetration? Dr. Mohamed Mohsen Ramadan, cybersecurity consultant and head of the Artificial Intelligence Studies Unit at the Arab Center for Research and Studies, explained in statements to “Al-Arabiya.net” and “Al-Hadath.net” that “SideWinder” is also known as a type of snakes or modern electronic missiles, and is considered one of the most active threat groups since its founding in 2012. This group has targeted numerous military and governmental entities over the years.
The group uses the “StellerBot” tool, which is an advanced digital vulnerability designed specifically for espionage, and acts as a key tool after executing cyber attacks, making it difficult to detect. Dr. Ramadan emphasized that information theft programs are a form of Trojan horse and robot attacks, spreading through traditional infection methods like malicious attachments sent through spam campaigns and websites infected with malicious ads.
Typical targets of these attacks include gaining access to credential data used for online banking services, social networking sites, and email. Information thieves use multiple methods such as browser hijacking and stealing user-input credential data.
Dr. Ramadan added that new thieves resort to using scripts that add additional fields and send information to the attacker’s server, as well as attempting to seize information from open windows and stored passwords and stealing cookies.
One of the methods used by cybercriminals is injecting malware into computers when users visit malicious websites or click on online advertisements. These ads redirect users to affiliate sites where their data can be stolen or malware downloaded.
The security expert emphasized the importance of early detection of this malware, as delaying threat detection can lead to the compromise of critical accounts. Therefore, it is advised to use effective antivirus protection software and avoid installing suspicious programs. If there is suspicion of information theft on a computer, a comprehensive system scan using anti-malware tools should be conducted, and all passwords should be changed immediately. It is also recommended to follow good security practices, be cautious of unfamiliar websites, and avoid opening unknown attachments.
