A wave of advanced persistent threat (APT) attacks aimed at Libyans has been detected, using surveillance malware. Spotted by Check Point Research, the Stealth Soldier malware primarily conducts surveillance functions such as file exfiltration, screen and microphone recording, keystroke logging, and stealing browser information. Check Point researchers said the oldest version was compiled last October, and they believe the command-and-control (C2) network is part of a larger set of infrastructure used for spear-phishing campaigns against government entities. The Stealth Soldier infrastructure has some overlaps with infrastructure used in the "Eye on the Nile" campaign, which operated against Egyptian targets in 2019. Shykevich confirms there has been no detection of attacks on Egyptian users using the Stealth Soldier malware.
Source: Libya Today June 12, 2023 22:37 UTC