Stealth Soldier

Type: Malware
Last updated: 2024-05-04T16:50:18.374Z
Stealth Soldier is a previously undisclosed modular backdoor identified by Check Point Research in an ongoing espionage operation against targets in North Africa, reported on June 8, 2023. The malware uses a multi-stage infection chain and is deployed for surveillance and espionage, primarily against Libyan and Egyptian targets. Its operators are believed to be politically motivated and run a sizeable network of phishing domains. The backdoor's modularity suggests the attackers will keep evolving their tooling and will deploy new versions in the future.

The infrastructure associated with Stealth Soldier overlaps significantly with the "Eye on the Nile" campaign, which targeted Egyptian civil society in 2019. This overlap suggests the same threat actor has re-emerged after a long hiatus.

The backdoor's capabilities include file exfiltration, screen and microphone recording, keystroke logging and theft of browser data, which makes it a capable cyber-espionage tool. Check Point Research has published Indicators of Compromise (IOCs) to help organizations detect and respond to it.

The aggregated source documents also tag this entry with Remote Utilities, hVNC, Google Ads, AutoHotkey, JavaScript, Lua, Python, Tcl, VBS and the Follina vulnerability (CVE-2022-30190; "Follina" and the CVE identifier name the same flaw). Several of the listed sources are multi-story digests, so these associations may originate from other stories in those digests rather than from the Stealth Soldier reporting itself; verify them against the primary Check Point report before acting on them. The threat actor behind Stealth Soldier is expected to continue targeting North Africa and may expand its operations to other regions.
Description last updated: 2024-05-04T16:23:51.714Z
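As an added example (not code from this page, from Check Point Research, or from any listed source), the following Python shows how an analyst might consume a STIX 2.1 bundle such as the one this entry offers for download: it pulls the equality atoms (domains, IP addresses, file hashes) out of each indicator's pattern, flags patterns it cannot safely reduce to a flat watchlist, and sweeps a few log lines for matches. The bundle, its indicator values, the UUIDs and the log lines are all constructed placeholders for illustration, not real Stealth Soldier IOCs.

```python
import json
import re
from typing import Dict, List, Set, Tuple

# Constructed STIX 2.1 bundle in the shape an aggregator's "Download STIX"
# export takes. Every value below is a placeholder invented for this example
# (RFC 5737 addresses, a reserved .example name, a dummy hash, made-up UUIDs);
# none is a real Stealth Soldier indicator.
_NS = "1f1b6f0e-0000-4000-8000-00000000000"
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle",
    "id": f"bundle--{_NS}1",
    "objects": [
        {"type": "malware", "spec_version": "2.1", "id": f"malware--{_NS}2",
         "name": "Stealth Soldier", "is_family": True},
        {"type": "indicator", "spec_version": "2.1", "id": f"indicator--{_NS}3",
         "pattern_type": "stix", "valid_from": "2023-06-08T00:00:00Z",
         "pattern": "[domain-name:value = 'lure-docs.example']"},
        {"type": "indicator", "spec_version": "2.1", "id": f"indicator--{_NS}4",
         "pattern_type": "stix", "valid_from": "2023-06-08T00:00:00Z",
         "pattern": "[file:hashes.'SHA-256' = '" + "ab" * 32 + "']"},
        {"type": "indicator", "spec_version": "2.1", "id": f"indicator--{_NS}5",
         "pattern_type": "stix", "valid_from": "2023-06-08T00:00:00Z",
         "pattern": "[ipv4-addr:value = '192.0.2.10' OR ipv4-addr:value = '198.51.100.7']"},
        {"type": "indicator", "spec_version": "2.1", "id": f"indicator--{_NS}6",
         "pattern_type": "stix", "valid_from": "2023-06-08T00:00:00Z",
         "pattern": "[process:name MATCHES '^[a-z]{8}[.]exe$']"},  # regex, not a flat atom
    ],
})

# One STIX comparison of the form  <object-type>:<property> = '<value>'.
_EQ = re.compile(r"([a-z0-9-]+):([A-Za-z0-9_.'\-]+)\s*=\s*'([^']*)'")
# Operators whose semantics a flat watchlist cannot reproduce.
_UNSUPPORTED = re.compile(
    r"\b(MATCHES|LIKE|ISSUBSET|ISSUPERSET|FOLLOWEDBY|WITHIN|REPEATS|START|STOP)\b")


def extract_atoms(bundle_json: str) -> Tuple[Dict[str, Set[str]], List[str]]:
    """Return ({object_type: {lower-cased value, ...}}, [ids of indicators not reduced])."""
    atoms: Dict[str, Set[str]] = {}
    unsupported: List[str] = []
    for obj in json.loads(bundle_json).get("objects", []):
        if obj.get("type") != "indicator" or obj.get("pattern_type", "stix") != "stix":
            continue
        pattern = obj["pattern"]
        # AND requires all operands to hold on the same observation; splitting it
        # into independent atoms would over-alert, so such patterns are handed off.
        if _UNSUPPORTED.search(pattern) or " AND " in pattern:
            unsupported.append(obj["id"])
            continue
        for obj_type, _prop, value in _EQ.findall(pattern):
            atoms.setdefault(obj_type, set()).add(value.lower())
    return atoms, unsupported


# Constructed DNS, connection and EDR log lines (not real telemetry).
SAMPLE_LOGS = [
    "2024-05-04T10:00:01Z dns src=10.0.0.5 qname=lure-docs.example rcode=NOERROR",
    "2024-05-04T10:00:02Z dns src=10.0.0.5 qname=update.microsoft.com rcode=NOERROR",
    "2024-05-04T10:00:09Z conn src=10.0.0.5 dst=198.51.100.7 dport=443 proto=tcp",
    "2024-05-04T10:00:10Z conn src=10.0.0.6 dst=203.0.113.9 dport=443 proto=tcp",
    "2024-05-04T10:01:00Z edr host=ws17 proc=svchost.exe sha256=" + "ab" * 32,
]

_TOKEN = re.compile(r"[A-Za-z0-9.\-]+")


def match_logs(atoms: Dict[str, Set[str]], lines: List[str]) -> List[Tuple[int, str, str]]:
    """Return (line_number, object_type, value) for each log token equal to an atom."""
    wanted = {v: t for t, vals in atoms.items() for v in vals}
    hits = []
    for n, line in enumerate(lines, 1):
        for tok in _TOKEN.findall(line):
            obj_type = wanted.get(tok.lower())
            if obj_type:
                hits.append((n, obj_type, tok.lower()))
    return hits


if __name__ == "__main__":
    atoms, skipped = extract_atoms(SAMPLE_BUNDLE)
    for n, obj_type, value in match_logs(atoms, SAMPLE_LOGS):
        print(f"line {n}: {obj_type} {value}")
    for ind_id in skipped:
        print(f"needs a full STIX pattern matcher: {ind_id}")
```

The reduction to a flat watchlist is deliberate: it is what a SIEM or DNS filter can consume, and it is also why the code refuses patterns with AND, MATCHES or temporal operators instead of approximating them. For full STIX pattern semantics, use the OASIS stix2 and stix2-patterns libraries rather than extending the regex.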
Aliases: none currently tracked.
Miscellaneous Associations (other context that may aid in judging relevance): Espionage, Backdoor, Malware, Phishing, Africa
Source Document References
Information about the Stealth Soldier malware was read from the documents listed below (display limited to 20 results).
Source | Created | Title
CERT-EU | a year ago | Espionage Attacks in North Africa Linked to
InfoSecurity-magazine | a year ago | Interpol-Led Africa Cyber Surge II Nets 14 Cybercrime Suspects
CERT-EU | a year ago | Stealth Soldier backdoor used is targeted espionage attacks in Libya | IT Security News
DARKReading | a year ago | 'Stealth Soldier' Attacks Target Libyan Government Entities With Surveillance Malware
CERT-EU | a year ago | Anomali Cyber Watch: Fractureiser Attempted Clipboard-Poisoning VM Escape, Asylum Ambuscade Spies as a Side Job, Stealth Soldier Connected with The Eye on The Nile Campaign, and More.
Securityaffairs | a year ago | Stealth Soldier backdoor used is espionage attacks in Libya
Checkpoint | a year ago | 12th June – Threat Intelligence Report - Check Point Research
CERT-EU | a year ago | Stealth Soldier: A New Custom Backdoor Targets North Africa with Espionage Attacks
CERT-EU | a year ago | Espionage Attacks in North Africa Linked to "Stealth Soldier" Backdoor