Lightspy

Threat Actor updated 23 days ago (2024-11-29T14:12:58.230Z)
Download STIX
Preview STIX
LightSpy is a threat actor known for its sophisticated and malicious activities. It first gained attention in 2022 when it began deploying its namesake spyware, LightSpy, which has since evolved to possess extensive spying capabilities. The group has strategically enhanced its capabilities over time, allowing it to intercept communications and steal data with total stealth, according to Blackberry researchers. A key feature of LightSpy's operation is its modular framework, enabling it to adapt and expand its functionalities as required. The spyware can exfiltrate data from popular applications such as Telegram, QQ, and WeChat, and also access personal documents and media stored on the device. In a renewed espionage campaign targeting South Asia, particularly India, LightSpy has introduced an upgraded version of its Apple iOS spyware. This new version, discovered by ThreatFabric experts in May 2024, supports destructive capabilities that can prevent infected devices from booting up. Notably, this new version had been active in the wild since at least January 2024. The spyware is downloaded via FrameworkLoader, which then installs LightSpy’s core module and the necessary plugins used by the spyware. In addition to its iOS operations, LightSpy has also developed a macOS version of its spyware, further broadening its attack surface. This version supports ten plugins designed to exfiltrate private information from devices, demonstrating the group's persistent efforts to enhance its surveillance capabilities. The discovery of these developments underscores the growing threat posed by LightSpy and the need for constant vigilance and robust cybersecurity measures.
Description last updated: 2024-11-15T16:09:40.426Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
APT41 is a possible alias for Lightspy. APT41, also known as Winnti, is a threat actor suspected to be originating from China, with its activities dating back to as early as 2012. It has targeted organizations in at least 14 countries and has been associated with the use of at least 46 different code families and tools. The group's activi
3
Wicked Panda is a possible alias for Lightspy. Wicked Panda, also known as APT41, Double Dragon, and Brass Typhoon, is a prominent threat actor in the cybersecurity landscape. This China state-sponsored group has been identified as one of the top threat actors by the Department of Health and Human Services' Health Sector Cybersecurity Coordinati
2
DragonEgg is a possible alias for Lightspy. DragonEgg is a malware associated with the notorious Chinese Advanced Persistent Threat (APT) group, APT41. This malicious software was developed to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites. The malware has been linked to surveillance
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ios
Malware
Implant
State Sponso...
Macos
Apt
Spyware
Threatfabric
Exploit
Telegram
Android
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the Lightspy Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
Securityaffairs
a month ago
Securityaffairs
2 months ago
DARKReading
a month ago
InfoSecurity-magazine
2 months ago
Securityaffairs
4 months ago
Securityaffairs
5 months ago
Securityaffairs
5 months ago
Securityaffairs
5 months ago
Securityaffairs
5 months ago
Securityaffairs
5 months ago
Securityaffairs
6 months ago
Securityaffairs
6 months ago
Securityaffairs
6 months ago
Securityaffairs
7 months ago
Securityaffairs
7 months ago
Securityaffairs
7 months ago
Securityaffairs
8 months ago
Checkpoint
8 months ago
Securityaffairs
8 months ago
Securityaffairs
8 months ago