Lightspy

Threat Actor Profile Updated 3 days ago
LightSpy is the name used both for a threat actor and for the advanced iOS backdoor it operates. First documented in 2020 by Trend Micro and Kaspersky, the backdoor was distributed through watering hole attacks on compromised news sites. In that campaign, which aimed to infect the iPhones of users in Hong Kong, iframes injected into websites aimed at Hong Kong citizens redirected visitors to a WebKit exploit that delivered the iOS version of the LightSpy backdoor.

In a renewed espionage campaign, LightSpy has been targeting South Asia, specifically India, with iOS spyware. This campaign closely resembles the 2020 operation, indicating a consistent pattern in LightSpy's activity. The latest version of LightSpy uses the F_Warehouse framework, which enhances its capabilities, and adds multiple plugins to the malware: soft list, baseinfo, bill, cameramodule, chatfile, filemanager, locationmodule, locationBaidu, qq, shell, soundrecord, telegram, wechat, and wifi. These plugins extend the functionality of the main LightSpy implant and are loaded by a component referred to as "The Loader."

Researchers have also identified a new LightSpy variant that targets macOS devices, extending the threat actor's reach beyond mobile platforms. This development underscores the evolving nature of LightSpy's activities and the increasing sophistication of its attack methods, so continued vigilance and robust security measures remain necessary to counter these threats.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description

DragonEgg | 2 | DragonEgg is a malware associated with the notorious Chinese Advanced Persistent Threat (APT) group, APT41. This malicious software was developed to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites. The malware has been linked to surveillance

APT41 | 2 | APT41, also known as Winnti, Wicked Panda, Barium, Suckfly, Earth Freybug, and Daggerfly, is a China-attributed threat actor that has been active since at least 2012. The group has targeted organizations across at least 14 countries, focusing on entities in the South China Sea region. APT41's activi

Wicked Panda | 2 | Wicked Panda, also known as APT41, Double Dragon, and Bronze Atlas, is a state-sponsored threat actor originating from China, recognized for its dual espionage and cybercrime operations. The Department of Health and Human Services' Health Sector Cybersecurity Coordination Center has identified Wicke
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Ios
State Sponso...
Implant
Spyware
Telegram
Threatfabric
Exploit
Apt
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Lightspy Threat Actor was read from the documents corpus below. This display is limited to 20 results.

Source | Created At | Title

Securityaffairs | a month ago | A renewed espionage campaign targets South Asia with iOS spyware LightSpy
CERT-EU | 8 months ago | LightSpy iPhone Spyware Linked to Chinese APT41 Group
CERT-EU | 8 months ago | Chinese APT Actors Target WeChat Users
BankInfoSecurity | 8 months ago | Chinese APT Actors Target WeChat Users
CERT-EU | 8 months ago | LightSpy APT Attacking WeChat Users to Steal Payment Data
Securityaffairs | a month ago | Security Affairs newsletter Round 468 by Pierluigi Paganini – INTERNATIONAL EDITION
CERT-EU | 8 months ago | Similarities between DragonEgg Android spyware, LightSpy iOS surveillance tool examined
MITRE | a year ago | APT trends report Q1 2020
CERT-EU | 8 months ago | Cyber Security Week in Review: October 6, 2023
Securityaffairs | 3 days ago | Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
MITRE | a year ago | Watering hole deploys new macOS malware, DazzleSpy, in Asia | WeLiveSecurity
Checkpoint | a month ago | 29th April – Threat Intelligence Report - Check Point Research
Securityaffairs | 24 days ago | Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | a month ago | Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION