SilentSelfie: Revealing a major campaign against Kurdish websites

Sept. 26, 2024, 1:39 p.m.

Description

A large-scale cyber espionage campaign targeting Kurdish websites was uncovered, involving 25 compromised sites that used four variants of malicious scripts. The attacks ranged from simple location tracking to prompting users to install malicious Android apps. Although it lacked sophisticated techniques, the campaign was notable for its scale and duration, operating undetected since late 2022. The compromised sites were linked to Kurdish media, political organizations, and the Rojava administration in Syria. A malicious Android app disguised as a news app was also discovered, capable of exfiltrating user data. While attribution remains uncertain, potential actors include Turkish intelligence, the Syrian government, or the Kurdistan Regional Government of Iraq.

Date

  • Created: Sept. 25, 2024, 1:06 p.m.
  • Published: Sept. 25, 2024, 1:06 p.m.
  • Modified: Sept. 26, 2024, 1:39 p.m.

Attack Patterns

  • SilentSelfie
  • T1608.001
  • T1102.002
  • T1528
  • T1608.005
  • T1573.001
  • T1110
  • T1189
  • T1056.001
  • T1071.001
  • T1204.002
  • T1176
  • T1592
  • T1133

Additional Information

  • Media
  • Government
  • Syrian Arab Republic
  • Iraq
  • Türkiye