NEW DELHI: After seven years of targeting countries in West Asia and Europe, a sophisticated and resilient cyber espionage group, Promethium, has shifted its focus to India, claimed cybersecurity experts. By compromising the download files of widely used software, it has been stealing documents and encrypted communication from devices for at least a year. Who has been behind the attacks is not known.
The group, also called StrongPity3, has been operating since 2012 but it has been notoriously difficult to track down or attribute to a single actor. Cybersecurity researchers believe that the attacks are state-backed for two reasons — the group keeps coming back even after being exposed and the compromise happens at the level of the internet service provider.
Now, Promethium’s footprint is expanding. “The samples related to StrongPity3 targeted victims in Colombia, India, Canada and Vietnam,” cybersecurity intelligence platform Cisco Talos wrote in its latest report. “Talos has identified at least three different campaigns since July 2019,” the report said.
Talos is the cyber threat intelligence unit of American technology conglomerate Cisco Systems. Talos reported that the attack happens when people try to download legitimate software. Instead of getting the actual files, the user is directed to the malware, which scans the system and sends out information without the user ever knowing.

