Tag Archive for: stealth

Novel technique bolsters Remcos RAT stealth | SC Media – SC Media


Advanced Espionage Malware “Stealth Soldier” Hits Libyan Firms


The Stealth Soldier campaign marks the possible reappearance of a threat actor known as “The Eye on the Nile” since its last operation in 2019.

Check Point Research has recently uncovered a series of highly-targeted espionage attacks in Libya, shedding light on a previously undisclosed backdoor called Stealth Soldier. This sophisticated malware operates as a custom modular backdoor with surveillance functionalities, including file exfiltration, screen and microphone recording, keystroke logging, and stealing browser information.

The campaign, which appears to be targeting Libyan organizations, marks the possible re-appearance of a threat actor known as “The Eye on the Nile” since its last operation in 2019.

Stealth Soldier, an implant used in limited and targeted attacks, has shown active maintenance with the latest version, Version 9, compiled in February 2023. Check Point Research’s investigation began with the discovery of multiple files submitted to VirusTotal between November 2022 and January 2023 from Libya.

These files, named in Arabic, such as “هام وعاجل.exe” (Important and Urgent.exe) and “برقية 401.exe” (Telegram 401.exe), turned out to be downloaders for different versions of the Stealth Soldier malware.

The execution flow of Stealth Soldier starts with the downloader, which triggers the infection chain. Although the delivery mechanism of the downloader remains unknown, social engineering is suspected.

The malware’s infection process involves downloading multiple files from the Command and Control (C&C) server, including the loader, watchdog, and payload. These components work together to establish persistence and execute the surveillance functionalities.

First, the loader downloads an internal module called PowerPlus to enable PowerShell commands and create persistence. Then, the watchdog periodically checks for updated versions of the loader and runs it accordingly. Finally, the payload collects data, receives commands from the C&C server, and executes various modules based on the attacker’s instructions.

The victim’s information collected by the Stealth Soldier’s payload includes the…

Protect AI emerges from stealth and raises $13.5 million


Protect AI emerged from stealth with $13.5 million seed funding and its first product, NB Defense.

NB Defense addresses vulnerabilities in a core component used at the beginning of the machine learning supply chain – Jupyter Notebooks. This is a rapidly growing security issue, increasing significantly every year as more organizations move machine learning into production environments. Today, there are over 10M publicly accessible notebooks, growing by 2M+ annually, with many more in private repositories.

The company was founded by a proven leadership team who have led some of the largest and most successful AI businesses from AWS and Oracle, with strong track records of creating new market categories and launching successful startups in the ML space.

The round was co-led by successful cybersecurity investors Acrew Capital and boldstart ventures. Mark Kraynak and Ed Sim, respectively, join the Protect AI Board of Directors. Additional investors include Knollwood Capital, Pelion Ventures, Avisio Ventures, and experienced cybersecurity leaders Shlomo Kramer, Nir Polak, and Dimitri Sirota.

“As enterprises put AI/ML in production it must be protected commensurate with the value it delivers. I have seen more than one hundred thousand customers deploy AI/ML systems, and realized they introduce a new and unique security threat surface that today’s cybersecurity solutions in the market do not address,” said Ian Swanson, co-founder and CEO, Protect AI.

“This is why we founded Protect AI. ML developers and security teams need new tools, processes, and methods that secure their AI systems. Since nearly all ML code begins with a notebook, we thought that’s the most logical place to start so that we can accelerate a needed industry transition. We are launching a free product that helps usher in this new category of MLSecOps to build a safer AI-powered world, starting now. But, we have many more innovations that will be released quickly across the entire ML supply chain.”

As MLOps has helped increase the velocity of machine learning being used in production, opportunities for security incidents have increased and new vulnerabilities have been created in the…

Insidious Android malware gives up all malicious features but one to gain stealth – We Live Security
