DeathStalker is now believed to be selling attacks that steal business data from companies in the financial sector. Security researchers have spotted new activity from the group, along with a new malware strain.
DeathStalker is a very unusual actor. The group, which has been active for around eight years, carries out espionage against small and medium-sized companies such as law firms or their representatives. In contrast to other groups, DeathStalker does not appear to be motivated by profiting directly from the companies it attacks. Rather, the group offers its attacks as a service for a fee.
Researchers Have Now Uncovered A New Malware
The group used global events and the pandemic as lures to get its victims to open the malicious files. The main malicious payload relies on steganography, hiding data inside otherwise ordinary-looking content: in this case the malicious code is embedded in what appear to be harmless image files and is then extracted by a loader script. The resulting implant executes remote shell commands that it receives from the DeathStalker operators, who use it to steal business data.
The malware can execute any command on the target network, including those typically used for data theft, such as gathering user and file information from the PC, browsing network file shares, downloading binary files, or sending encrypted content to remote hosts.
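To make the image-carrier technique concrete, the following is an added example, not code from the original article or from the DeathStalker toolset, which the article does not describe at this level. It assumes a toy scheme of its own: a length-prefixed payload hidden in the least significant bit of each pixel byte of a small PNG, a loader-side routine that decodes the PNG and reads the LSB plane back (the job of the "loader script" above), and, for the defender, the standard pairs-of-values chi-square steganalysis statistic, which drops toward zero when LSB embedding has equalised the counts of neighbouring sample values. The carrier image, the payload text and the function names are all constructed for the illustration, and the "payload" is an inert string that is never executed.

```python
import struct
import zlib

# --- Minimal PNG container (8-bit RGB, filter type 0 on every row) ---------

def png_encode(width, height, rgb):
    """Wrap raw RGB bytes (width*height*3) in a minimal valid PNG."""
    def chunk(tag, body):
        crc = zlib.crc32(tag + body) & 0xFFFFFFFF
        return struct.pack(">I", len(body)) + tag + body + struct.pack(">I", crc)
    rows = b"".join(b"\x00" + rgb[y * width * 3:(y + 1) * width * 3]
                    for y in range(height))
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    return (b"\x89PNG\r\n\x1a\n" + chunk(b"IHDR", ihdr)
            + chunk(b"IDAT", zlib.compress(rows)) + chunk(b"IEND", b""))

def png_pixels(data):
    """Return (width, height, rgb) from a PNG written by png_encode."""
    pos, idat, width, height = 8, b"", 0, 0
    while pos < len(data):
        length, tag = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        if tag == b"IHDR":
            width, height = struct.unpack(">II", body[:8])
        elif tag == b"IDAT":
            idat += body
        pos += 12 + length                      # length + tag + body + crc
    stride = width * 3 + 1                      # one filter byte per row
    raw = zlib.decompress(idat)
    rgb = b"".join(raw[y * stride + 1:(y + 1) * stride] for y in range(height))
    return width, height, rgb

# --- Toy LSB steganography: what the builder embeds, what the loader reads --

def embed_lsb(rgb, payload):
    """Hide a length-prefixed payload in the least significant bit of each byte."""
    framed = struct.pack(">I", len(payload)) + payload
    bits = "".join(f"{b:08b}" for b in framed)
    if len(bits) > len(rgb):
        raise ValueError("payload does not fit in carrier")
    out = bytearray(rgb)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | int(bit)
    return bytes(out)

def extract_lsb(rgb):
    """Loader side: read the LSB plane back into the framed payload bytes."""
    def read_bytes(count, bit_offset):
        bits = "".join(str(rgb[bit_offset + i] & 1) for i in range(count * 8))
        return int(bits, 2).to_bytes(count, "big")
    (length,) = struct.unpack(">I", read_bytes(4, 0))
    return read_bytes(length, 32) if length else b""

# --- Defender side: pairs-of-values chi-square steganalysis ----------------

def lsb_chi_square(rgb):
    """For each value pair (2k, 2k+1) compare the two counts against their mean.
    LSB embedding only moves samples between the two halves of a pair, pushing
    the counts toward equality, so a statistic far below that of comparable
    clean images is the suspicious signal."""
    hist = [0] * 256
    for v in rgb:
        hist[v] += 1
    stat = 0.0
    for k in range(128):
        expected = (hist[2 * k] + hist[2 * k + 1]) / 2
        if expected:
            stat += (hist[2 * k] - expected) ** 2 / expected
    return stat

WIDTH, HEIGHT = 32, 32
# Constructed carrier: a gradient containing only even sample values, so the
# pairs-of-values statistic is at its maximum before anything is embedded.
CLEAN_RGB = bytes((i * 2) % 256 for i in range(WIDTH * HEIGHT * 3))
# Constructed, inert stand-in for the stage-2 script a real loader would run.
PAYLOAD = b"stage-2 placeholder (constructed; nothing here is executed)"

def run_demo():
    """Build the carrier, recover the payload as a loader would, and score both
    the clean and the stego pixel data with the chi-square check."""
    carrier_png = png_encode(WIDTH, HEIGHT, embed_lsb(CLEAN_RGB, PAYLOAD))
    _, _, rgb = png_pixels(carrier_png)        # loader: decode the image
    recovered = extract_lsb(rgb)               # loader: pull the LSB plane
    return recovered, lsb_chi_square(CLEAN_RGB), lsb_chi_square(rgb)

if __name__ == "__main__":
    recovered, clean_stat, stego_stat = run_demo()
    print("recovered:", recovered)
    print(f"chi-square clean={clean_stat:.1f} stego={stego_stat:.1f}")
```

The chi-square check is only a heuristic: it flags the LSB plane of this constructed carrier because embedding disturbs a distribution that was strongly skewed, and on real photographs it needs a baseline from comparable clean images and is easily defeated by encoders that preserve the pair statistics. In practice the stronger signal is the loader itself, that is, a script that decodes an image and then passes the result to an interpreter, which is where detection effort is better spent.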
PowerPepper was used in campaigns mainly in Europe, but also in Asia. Based on the IP addresses observed, infections were found in many European countries. DeathStalker’s previous campaigns have mainly targeted legal advisory firms and cryptocurrency providers.
The new malware shows once again that DeathStalker is a creative threat actor, able to consistently develop new implants and tool chains in a short period of time. PowerPepper is already the fourth malware strain attributed to the group.
DeathStalker’s Malware Has Proven To Be Quite Dangerous
This may be because its primary targets are small and medium-sized businesses, which tend to run less well-defended networks.