    Syrian Opposition Exploited by Malware

    By Sean Michael Kerner - February 2, 2015

      Malware is being used as a tactical weapon to gain intelligence in the ongoing Syrian civil war, according to a new report from security firm FireEye.

      FireEye found that attackers were able to target Syrian opposition groups to gain battlefield intelligence in a campaign that included 240,381 messages and resulted in 7.7GB of stolen data. Attackers leveraged social network tools including Skype and Facebook to trick victims into giving up information and loading malware that was able to exfiltrate information.

      In the case of the Syrian opposition, there is no centralized computing infrastructure with servers and databases; instead, the hacker campaign had to get information from individual endpoints.

      “The Syrian opposition fighters do not have complicated infrastructure. They rely on shared computers and mobile devices,” Jen Weedon, manager of Threat Intelligence and Strategic Analysis at FireEye, told eWEEK. “They have a decentralized operation, and as such the data and the intelligence are very spread out.”

      One part of the campaign involved taking advantage of a target victim’s Skype contact list. The attackers at various points pretended to be women wanting to discuss items with the Syrian opposition over Skype. Weedon noted that since the Syrian opposition shares infrastructure, there could be a lot of contact information on any one individual device.

      “Once the attackers could get through on one account, that would allow for access to a lot more information than just the one individual person,” Weedon said.

      Hacking activity with Syrian origins is not an entirely new phenomenon. In 2013 and 2014, the Syrian Electronic Army (SEA) attacked media outlets including Reuters, Washington Post, The New York Times and CNN. The SEA is a group that is loosely associated with the government of Syrian leader Bashar al-Assad. Weedon said that the newly uncovered campaign against the Syrian opposition appears to be unrelated to the SEA and uses different tactics.

      Malware

      As for the actual malware used in the campaign to target the Syrian opposition, Weedon said it did not include zero-day exploits and largely focused on Microsoft Windows operating systems for deployment. There was some evidence that the attackers also had the potential to leverage some Android malware, Weedon added.

      One of the primary tools used in the Syrian opposition attack is what is known as a multistage RAR dropper. A RAR file is a compressed archive file that may include any number of different malware payloads, such as a keylogger.

      “They used widely available tools and stuff that is publicly available,” Weedon said. “The benefit of using malware that is publicly available is that it obfuscates the origin.”

      FireEye was able to identify that the malware used was being managed by a command and control (C&C) server in Europe, though that doesn’t necessarily link the attack to any particular place of origin.

      Weedon added that the attacks against the Syrian opposition weren’t using particularly sophisticated tools. From a defensive perspective, the attacks likely could have been prevented with the proper use of antivirus software as well as fully up-to-date and patched software.

      “They were definitely not using any zero-day exploits, but if you’re on the battlefield looking to overthrow a regime, probably patching your computer is the last thing on your mind,” Weedon said.

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.