The Latest FireEye News
Product and Solution Information, Press Releases, Announcements
|FireEye Reveals Threat Group Employed Skype to Steal Military Plans in Syria|
|Posted: Mon Feb 02, 2015 01:52:05 PM|
Stolen Data Would Provide a Battlefield Advantage for Syrian President Assad’s Forces
Milpitas, Calif. – February 2, 2015 – FireEye, Inc. (NASDAQ: FEYE), the leader in stopping today's advanced cyber attacks, today released “Behind the Syrian Conflict’s Digital Front Lines,” a report from the FireEye Threat Intelligence team detailing the activities of a cyber espionage group that stoleSyrian opposition’s strategies and battle plans. To undertake this operation, the threat group employed a familiar tactic: ensnaring its victims through conversations with seemingly sympathetic and attractive women. As the conversations progressed, the “women” would offer up a personal photo, laden with malware and developed to infiltrate the target’s computer or Android phone.
“In the course of our threat research, we found the activity focused on the Syrian opposition that shows another innovative way threat groups have found to gain the advantage they seek,” said Nart Villeneuve, senior threat intelligence researcher at FireEye. “While we cannot positively identify who is behind these attacks, we know that they used social media to infiltrate victims’ machines and steal military information that would provide an advantage to President Assad’s forces on the battlefield.”
Between at least November 2013 and January 2014, the group stole a cache of critical documents and Skype conversations revealing the Syrian opposition’s strategy, tactical battle plans, supply needs, and troves of personal information and chat sessions. This data belonged to the men fighting against Syrian President Bashar al-Assad’s forces as well as media activists, humanitarian aid workers, and others within the opposition located in Syria, the region and beyond.
During analysis by FireEye Threat Intelligence, a unique tactic of the threat group was uncovered. Over the course of a Skype conversation the attacker would ask the victim what type of device he was using to chat. By determining whether it was an Android phone or a computer, the hackers would then send appropriately tailored malware.
FireEye Threat Intelligence has found limited indications about the threat group’s origins, but if the data was acquired by President Assad’s forces or allies, it would benefit his military efforts.
Stolen data includes:
The full report is available here: https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-behind-the-syria-conflict.pdf.