Security firm ESET uncovered an advanced persistent threat (APT) group that remained hidden on government and private company networks in Eastern Europe for nearly a decade. The group, named XDSpy, used the XDDown downloader to infect victims and fetch secondary modules, which allowed the attacks to remain undetected.
More from ESET:
- Spearphishing was the primary technique used to infect the target's network.
- The group was first identified in a Belarus CERT advisory about a campaign targeting government agencies in the country.
- The malware disguised itself through string obfuscation and dynamic loading of Windows API libraries.
- The group focused its attacks on monitoring removable drives, taking screenshots, and exfiltrating documents.
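The two evasion techniques named above, string obfuscation and runtime resolution of Windows APIs, leave traces that a triage script can look for. The Python below is an added example written for this summary; it is not ESET's tooling and not anything from the XDSpy report. It pulls printable strings out of a byte blob, scores each with Shannon entropy to surface encoded or encrypted strings, and flags the LoadLibrary/GetProcAddress pair that dynamic API loading relies on. The sample bytes, the entropy threshold and the list of API names are constructed assumptions for illustration.

```python
import math
import re

# Constructed sample standing in for bytes read from a suspect executable
# (real triage would do: data = open(path, "rb").read()).
OBFUSCATED_BLOB_1 = "x9Kq2Vz7Lm4Wn8Rt1Yb6Hc3Jd5Fp0Sg"   # constructed: mimics an encoded string
OBFUSCATED_BLOB_2 = "Qw7Zx2Cv9Bn4Mk1Jh6Gf3Ds8Ap5Lo0Iu"  # constructed: mimics an encoded string

SAMPLE_BINARY = (
    b"MZ\x90\x00" + b"\x00" * 8
    + b"This program cannot be run in DOS mode.\x00"
    + b"kernel32.dll\x00LoadLibraryA\x00GetProcAddress\x00"
    + OBFUSCATED_BLOB_1.encode() + b"\x00"
    + OBFUSCATED_BLOB_2.encode() + b"\x00"
    + b"http://example.invalid/update\x00"   # constructed placeholder URL
    + b"\xff\xfe\x00\x00"
)

MIN_STRING_LEN = 8
# Assumption / tuning knob: single-character entropy of English text and
# identifiers sits around 3.0-4.2 bits; random-looking encoded blobs sit
# higher. Tune against your own corpus before relying on it.
ENTROPY_THRESHOLD = 4.5

# APIs a loader needs in order to resolve everything else at run time.
DYNAMIC_RESOLUTION_APIS = {
    "LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW",
    "GetProcAddress",
}


def extract_strings(data: bytes, min_len: int = MIN_STRING_LEN) -> list:
    """Return runs of printable ASCII of at least min_len bytes (like `strings`)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


def shannon_entropy(s: str) -> float:
    """Bits per character over the string's own symbol distribution."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def high_entropy_strings(strings, threshold: float = ENTROPY_THRESHOLD) -> list:
    """Strings whose entropy suggests encoding/encryption rather than text."""
    return [s for s in strings if shannon_entropy(s) >= threshold]


def uses_dynamic_api_resolution(strings) -> bool:
    """True when a LoadLibrary variant AND GetProcAddress both appear."""
    found = {s for s in strings if s in DYNAMIC_RESOLUTION_APIS}
    return "GetProcAddress" in found and any(s.startswith("LoadLibrary") for s in found)


def triage(data: bytes) -> dict:
    """Summarise the two evasion indicators for one file image."""
    strings = extract_strings(data)
    return {
        "string_count": len(strings),
        "high_entropy": high_entropy_strings(strings),
        "dynamic_api_resolution": uses_dynamic_api_resolution(strings),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_BINARY)
    print(f"strings extracted      : {report['string_count']}")
    print(f"dynamic API resolution : {report['dynamic_api_resolution']}")
    for s in report["high_entropy"]:
        print(f"high-entropy string    : {s!r} ({shannon_entropy(s):.2f} bits/char)")
```

Both signals are weak on their own: plenty of legitimate software imports LoadLibrary and GetProcAddress, and short random-looking strings appear in benign binaries too. The pattern becomes interesting when the import table is otherwise nearly empty and most of the binary's strings score high, which is what a loader that decrypts its strings and resolves its APIs at run time looks like. Treat the output as a reason to look closer, not as a verdict.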