Stealth Soldier

Malware Profile
Stealth Soldier is a previously undisclosed modular backdoor identified by Check Point Research in an ongoing espionage operation against targets in North Africa, reported on June 8, 2023. The malware uses a multi-stage infection chain and is deployed for surveillance and espionage, primarily against Libyan and Egyptian targets. Its operators are believed to be politically motivated and run a sizeable network of phishing domains. The backdoor's modularity suggests the attackers will keep evolving their tactics and techniques and deploying new versions.

The infrastructure associated with Stealth Soldier overlaps significantly with the "Eye on the Nile" campaign, which targeted Egyptian civil society in 2019. This overlap points to a possible re-emergence of the same threat actor after a long hiatus.

The backdoor's capabilities include file exfiltration, screen and microphone recording, keystroke logging and theft of browser data, making it a potent espionage tool. Check Point Research published Indicators of Compromise (IOCs) to help organisations detect and counter it. This profile also tags the malware as abusing Remote Utilities, hVNC, Google Ad, AutoHotkey, JavaScript, Lua, Python, Tcl and VBS, and as exploiting the Follina vulnerability (CVE-2022-30190), a remote code execution flaw in the Microsoft Support Diagnostic Tool. The actor behind Stealth Soldier is expected to remain a significant threat to North African targets and may expand its operations to other regions.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Espionage
Malware
Backdoor
Phishing
Africa
Decoy
Downloader
Payload
Domains
Cybercrime
APT
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
CVE-2022-30190 (type: unspecified; 1 vote)
CVE-2022-30190, also known as the "Follina" vulnerability, is a high-severity flaw in the Microsoft Support Diagnostic Tool (MSDT) that allows remote code execution. The zero-day was disclosed in May 2022 and has since been exploited by threat actors, including TA413, who weaponized it
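Because this profile links Stealth Soldier lures to Follina, a practitioner will want a concrete check for the delivery document. The following Python scanner is an added example, not code from this page or from Check Point's report: it looks for the two artifacts the publicly documented Follina lures shared, an external oleObject relationship in word/_rels/document.xml.rels (whose target URL typically ended in "!") and an ms-msdt: URI in the fetched HTML stage. The sample .docx and HTML stage are constructed inline; the example.invalid URL and the diagnostic parameters are placeholders, not a working payload.

```python
"""Flag Follina (CVE-2022-30190) lure artifacts in a .docx and its HTML stage.

Added example: not code from this page or from Check Point's report. It checks
for the two artifacts the public Follina lures shared: an *external* oleObject
relationship in word/_rels/document.xml.rels (the target URL usually ended in
"!"), and an ms-msdt: URI in the HTML the document fetched. The sample .docx
and HTML stage below are constructed here; the URL and parameters are
placeholders, not a working payload.
"""
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from typing import Dict, List, Optional

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OLE_REL_TYPE = ("http://schemas.openxmlformats.org/officeDocument/2006/"
                "relationships/oleObject")
# ms-msdt: followed by anything up to an unescaped double quote or newline.
MSDT_URI = re.compile(r'ms-msdt:(?:[^"\\\n]|\\.)*', re.IGNORECASE)


def find_external_ole_targets(rels_xml: bytes) -> List[str]:
    """Return Target URLs of oleObject relationships with TargetMode=External."""
    root = ET.fromstring(rels_xml)
    return [
        rel.get("Target", "")
        for rel in root.iter(f"{{{REL_NS}}}Relationship")
        if rel.get("Type") == OLE_REL_TYPE and rel.get("TargetMode") == "External"
    ]


def find_msdt_uris(text: str) -> List[str]:
    """Return every ms-msdt: URI found in a text blob (HTML stage or XML part)."""
    return [m.group(0) for m in MSDT_URI.finditer(text)]


def scan_docx(data: bytes) -> Dict[str, object]:
    """Scan a .docx given as bytes; return the findings and a verdict."""
    external_ole: List[str] = []
    msdt_uris: List[str] = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            blob = zf.read(name)
            if name.endswith(".rels"):
                external_ole += find_external_ole_targets(blob)
            # Some lures carried the URI in the document itself instead of HTML.
            msdt_uris += find_msdt_uris(blob.decode("utf-8", "replace"))
    return {
        "external_ole_targets": external_ole,
        "bang_suffixed_targets": [t for t in external_ole if t.endswith("!")],
        "msdt_uris": msdt_uris,
        "suspicious": bool(external_ole or msdt_uris),
    }


def build_sample_docx(external_target: Optional[str]) -> bytes:
    """Construct a minimal .docx in memory; optionally add an external OLE link."""
    rels = ['<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/'
            'officeDocument/2006/relationships/styles" Target="styles.xml"/>']
    if external_target is not None:
        rels.append(f'<Relationship Id="rId2" Type="{OLE_REL_TYPE}" '
                    f'Target="{external_target}" TargetMode="External"/>')
    rels_xml = (f'<?xml version="1.0" encoding="UTF-8"?>'
                f'<Relationships xmlns="{REL_NS}">{"".join(rels)}</Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        zf.writestr("word/_rels/document.xml.rels", rels_xml)
    return buf.getvalue()


# Constructed HTML stage resembling the public lures; parameters are placeholders.
SAMPLE_HTML_STAGE = (
    "<script>\n"
    'window.location.href = "ms-msdt:/id PCWDiagnostic /skip force /param '
    '\\"IT_RebrowseForFile=? IT_LaunchMethod=ContextMenu '
    'IT_BrowseForFile=$(placeholder)\\"";\n'
    "</script>"
)

if __name__ == "__main__":
    lure = build_sample_docx("http://example.invalid/stage.html!")
    print(scan_docx(lure))
    print(scan_docx(build_sample_docx(None))["suspicious"])
    print(find_msdt_uris(SAMPLE_HTML_STAGE))
```

An external oleObject relationship on its own is not proof of Follina (legitimate documents can link external objects), so treat the verdict as a triage signal and inspect the fetched target; the trailing "!" and an ms-msdt: URI in the stage are the stronger indicators. The scan covers only OOXML documents, not RTF lures, which also carried the same URI.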
Source Document References
Information about the Stealth Soldier malware was read from the documents in the corpus below. This display is limited to 20 results.
Source (created): Title
CERT-EU (a year ago): Espionage Attacks in North Africa Linked to
InfoSecurity-magazine (a year ago): Interpol-Led Africa Cyber Surge II Nets 14 Cybercrime Suspects
CERT-EU (a year ago): Stealth Soldier backdoor used is targeted espionage attacks in Libya | IT Security News
DARKReading (a year ago): 'Stealth Soldier' Attacks Target Libyan Government Entities With Surveillance Malware
CERT-EU (a year ago): Anomali Cyber Watch: Fractureiser Attempted Clipboard-Poisoning VM Escape, Asylum Ambuscade Spies as a Side Job, Stealth Soldier Connected with The Eye on The Nile Campaign, and More.
Securityaffairs (a year ago): Stealth Soldier backdoor used is espionage attacks in Libya
Checkpoint (a year ago): 12th June – Threat Intelligence Report - Check Point Research
CERT-EU (a year ago): Stealth Soldier: A New Custom Backdoor Targets North Africa with Espionage Attacks
CERT-EU (a year ago): Espionage Attacks in North Africa Linked to "Stealth Soldier" Backdoor