SilentSelfie: Revealing a major campaign against Kurdish websites
Sept. 26, 2024, 1:39 p.m.
Description
A large-scale cyber espionage campaign targeting Kurdish websites was uncovered, involving 25 compromised sites and four variants of malicious scripts. The attacks ranged from simple location tracking to prompting users to install malicious Android apps. Although the campaign lacked sophisticated techniques, its scale and duration were notable: it had operated undetected since late 2022. The compromised sites were linked to Kurdish media, political organizations, and the Rojava administration in Syria. A malicious Android app disguised as a news app was also discovered, capable of exfiltrating user data. While attribution remains uncertain, potential actors include Turkish intelligence, the Syrian government, or the Kurdistan Regional Government of Iraq.
Date
Published: Sept. 25, 2024, 1:06 p.m.
Created: Sept. 25, 2024, 1:06 p.m.
Modified: Sept. 26, 2024, 1:39 p.m.
Attack Patterns
SilentSelfie
T1608.001
T1102.002
T1528
T1608.005
T1573.001
T1110
T1189
T1056.001
T1071.001
T1204.002
T1176
T1592
T1133
Additional Information
Media
Government
Syrian Arab Republic
Iraq
Türkiye