FireEye reports: Cyber espionage is traditionally understood as a method aimed at achieving an information edge or a strategic goal. However, our research on malware activity related to the ongoing conflict in Syria indicates that such operations can provide actionable military intelligence for an immediate battlefield advantage. Today we release a new report “Behind the Syrian Conflict’s Digital Frontlines,” that documents a well-executed hacking operation that successfully breached the Syrian opposition.
Between at least November 2013 and January 2014, the hackers stole a cache of critical documents and Skype conversations revealing the Syrian opposition’s strategy, tactical battle plans, supply needs, and troves of personal information and chat sessions. This data belonged to the men fighting against Syrian President Bashar al-Assad’s forces, as well as media activists, humanitarian aid workers, and others within the opposition located in Syria, the region and beyond.
To undertake this operation, the threat group employed a familiar tactic: ensnaring its victims through conversations with seemingly sympathetic and attractive women. A female avatar would strike up a conversation on Skype and share a personal photo with her target. The photo was not only malware-laden but likely tailored to the victim’s device—an Android phone or a computer. Once the target downloaded the malware, the threat group accessed his device, rifled through files and selected and stole data identifying opposition members, their Skype chat logs and contacts, and scores of documents that shed valuable insight into the opposition. [Continue reading…]