SilentSelfie: Revealing a major campaign against Kurdish websites
Essential information
- Published
- 25/09/2024 13:06
- Modified
- 26/09/2024 13:39
- Tags
- 2024-09-25 android malware cyber espionage kurdish location tracking rojava silentselfie watering hole
- Related entities
- 13 techniques (mitre), 1 malware, 5 others
Description
A large-scale cyber espionage campaign targeting Kurdish websites was uncovered, involving 25 compromised sites using four variants of malicious scripts. The attacks ranged from simple location tracking to prompting users to install malicious Android apps. Despite lacking sophisticated techniques, the campaign's scale and duration were notable, operating undetected since late 2022. The compromised sites were linked to Kurdish media, political organizations, and the Rojava administration in Syria. A malicious Android app disguised as a news app was also discovered, capable of exfiltrating user data. While attribution remains uncertain, potential actors include Turkish intelligence, Syrian government, or the Kurdistan Regional Government of Iraq.