Security firm ESET was able to uncover an advanced persistent threat (APT) group that remained hidden on government and private company networks in Eastern Europe for nearly a decade. The group, named XDSpy, used the XDDown downloader to infect victims and download secondary modules that enabled the attacks to remain undetected.

More from ESET:

• Spearphishing was the primary technique used to infect the target's network.
• The group was first identified in a Belarus CERT advisory about a campaign targeting government agencies in the country.
• The malware disguised itself by using string obfuscation and dynamic Windows API library loading.
• The group focused its attacks on monitoring removable drives, taking screenshots, and exfiltrating documents.