Cyber-Espionage Group StrongPity Focuses on Kurdish Community

Recent attacks associated with the threat actor known as StrongPity appear to focus on the Kurdish community in Turkey and Syria, Bitdefender security researchers say.


Active since at least 2012 and also tracked as Promethium, the threat actor was initially detailed in 2016, when it mainly focused on victims in Italy, Turkey, and Belgium. The group is believed to be state-sponsored, but there appears to be little evidence to support that.


Despite several published reports detailing its activities, the threat actor remains active and continues to target victims in various regions, including Colombia, India, Canada and Vietnam, Cisco Talos reveals. Even so, most of the group’s victims are located in Turkey, says Bitdefender.


The group’s tools, tactics, and procedures (TTPs) saw few changes over the past four years, and it continues to rely on trojanized installers of well-known applications to infect its victims. Furthermore, the actor appears to continue relying on watering hole attacks.


StrongPity is known to engage in cyber-espionage, and the recently observed campaigns are no different. However, the adversary appears to have expanded its operations to new regions, beyond the previously targeted Europe, Northern Africa and the Middle East.


Over the past year, the threat actor has been conducting at least three different campaigns, which are believed to be overlapping. Furthermore, some of the domains used in these attacks still receive hits, suggesting that they continue to b ..
