Cyber security company FireEye recently reported that a group likely tied to the Syrian government has been using malware, distributed via honeypot websites, to gain access to information held by the rebels within the country. Among the information compromised are battle plans and military documents, political strategy and alliance information between rebel groups, and media releases.
So what exactly did this hacker group do? According to FireEye, they used social networking websites and services such as Facebook and Skype to create false identities and profiles, posing mainly as Syrian women who claimed to be supporters of the opposition. In addition, a fake pro-opposition website was created, using structures copied from other websites; it reportedly also had a ‘matchmaking’ section which offered links to the Facebook pages mentioned above, as well as links to live webcams.
From here, how the malware was delivered depended on what the victim did. The links to the live webcams would prompt the user to download an ooVoo software package that contained malware, and the fabricated personas on Facebook and Skype would offer photos of themselves in chat, with the photo files themselves carrying the malware.
What is interesting is that FireEye claims the attack didn’t use any particularly sophisticated tools, and that it likely would have failed if the opposition had been using proper anti-virus software. That said, FireEye also reported that the opposition did not have a very complicated infrastructure, part of which relied on shared computers.
Links used for research: