SilentSelfie: Revealing a major campaign against Kurdish websites

Sept. 26, 2024, 1:39 p.m.

Description

A large-scale cyber espionage campaign targeting Kurdish websites was uncovered, involving 25 compromised sites using four variants of malicious scripts. The attacks ranged from simple location tracking to prompting users to install malicious Android apps. Despite lacking sophisticated techniques, the campaign was notable for its scale and duration, having operated undetected since late 2022. The compromised sites were linked to Kurdish media, political organizations, and the Rojava administration in Syria. A malicious Android app disguised as a news app was also discovered, capable of exfiltrating user data. While attribution remains uncertain, potential actors include Turkish intelligence, the Syrian government, or the Kurdistan Regional Government of Iraq.

Date

Published: Sept. 25, 2024, 1:06 p.m.
Created: Sept. 25, 2024, 1:06 p.m.
Modified: Sept. 26, 2024, 1:39 p.m.

Attack Patterns

SilentSelfie

T1608.001

T1102.002

T1528

T1608.005

T1573.001

T1110

T1189

T1056.001

T1071.001

T1204.002

T1176

T1592

T1133

Additional Information

Media

Government

Syrian Arab Republic

Iraq

Türkiye