216.73.216.78

SilentSelfie: Revealing a major campaign against Kurdish websites

· Published 25/09/2024 13:06 · Modified 26/09/2024 13:39

Export JSON

Essential information

Published
25/09/2024 13:06
Modified
26/09/2024 13:39
Tags
2024-09-25 android malware cyber espionage kurdish location tracking rojava silentselfie watering hole
Related entities
13 techniques (mitre), 1 malware, 5 others

Description

A large-scale campaign targeting websites was uncovered, involving 25 compromised sites using four variants of malicious scripts. The attacks ranged from simple to prompting users to install malicious Android apps. Despite lacking sophisticated techniques, the campaign's scale and duration were notable, operating undetected since late 2022. The compromised sites were linked to media, political organizations, and the administration in Syria. A malicious Android app disguised as a news app was also discovered, capable of exfiltrating user data. While attribution remains uncertain, potential actors include Turkish intelligence, Syrian government, or the Kurdistan Regional Government of Iraq.

External references