New APT Group XDSpy Targets Belarus and Russian-Speakers
A new APT group targeting Belarus and other Eastern European governments and businesses has been uncovered and dubbed “XDSpy.” The advanced persistent threat group has reportedly been conducting malicious activity against Eastern European entities for over nine years. The group does not share any similarities of regional targets, network infrastructure, or malicious code with any other known APT groups, leading researchers to link their campaigns over the past near-decade back to them.
According to researchers, the group operates within a GMT +2 or +3 time zone similar to its targets and individuals only work Monday through Friday. The group specializes in initial spearphishing attacks to compromise targets, inserting malicious RAR of ZIP attachments and links. The technical capabilities of the group vary, as it has used the same malware architecture for nine years. However, it has also exploited vulnerabilities with very little information available and no proof-of-concept.