"Stealth Soldier: A New Custom Backdoor Targets North Africa with Espionage Attacks"

A new backdoor called "Stealth Soldier" has been used in a series of highly targeted espionage attacks in North Africa. According to researchers at Check Point, Stealth Soldier is a custom backdoor that mainly carries out surveillance functions such as file exfiltration, screen and microphone recording, keystroke logging, and browser information theft. The ongoing operation involves command-and-control (C2) servers that impersonate sites belonging to the Libyan Ministry of Foreign Affairs. The earliest artifacts associated with the campaign were discovered in October 2022. The attacks begin with potential targets downloading fraudulent downloader binaries, which are delivered via social engineering and serve as a conduit for retrieving Stealth Soldier. In addition, the Stealth Soldier infrastructure overlaps with infrastructure associated with the Eye on the Nile phishing campaign, which targeted Egyptian journalists and human rights activists in 2019. This article continues to discuss findings regarding the Stealth Soldier malware.

THN reports "Stealth Soldier: A New Custom Backdoor Targets North Africa with Espionage Attacks"

Submitted by Anonymous on