DeathStalker APT threatens legal and financial bodies

State-sponsored threat actors and sophisticated attacks are often the focus of attention.

Indeed, their innovative technology, advanced malware platforms, and 0-day exploit chains have captured our imagination.

Nonetheless, these categories of threat are unlikely to be part of the risk model of most businesses, nor should they be.

Today’s businesses face more direct risks, including malware, leaks of consumer information, and competitors engaging in unethical business practices.

In this blog post, we’ll concentrate on DeathStalker:

This is a specific threat group that seems to target law firms and financial sector companies (although we’ve occasionally seen it in other verticals).

As far as we know, the group is not driven by economic interests.

They do not deploy ransomware, steal and resell payment details, or participate in any kind of operation linked to the cybercrime underworld. Their involvement in gathering sensitive business information leads us to believe that DeathStalker is a group of mercenaries offering their hacking services for hire or working as some kind of financial information broker.

DeathStalker first caught our attention through a PowerShell-based implant, Powersing. By unraveling this thread, we can identify activity that dates back to 2018 or even 2012. But before we delve into DeathStalker’s history, we’ll start with some background. The next section introduces the group's arsenal.

