Novel infrastructure leveraged in Predator spyware resurgence

Servers distributing Intellexa Alliance's Predator spyware declined significantly following a name-and-shame campaign last year, but the spyware's operators have immediately rebounded with new infrastructure: more than 80 delivery servers were observed in the Philippines, Botswana, and at least nine other countries by the middle of January, CyberScoop reports.

The new infrastructure uses domains with themes and spoofed organizations similar to those in the prior campaign to deliver Predator spyware, according to a report from Recorded Future's Insikt Group. "While these patterns are relatively easy for threat researchers to identify, these [tactics, techniques, and procedures] are presumably producing satisfactory results, eliminating the need for changes," said researchers. The findings indicate the need for a new "holistic, multi-pronged approach" to address spyware threats, according to Citizen Lab senior researcher John Scott-Railton. "Naming and shaming? Not enough. Regulations alone? Not enough. Technical solutions? Not necessarily enough," Scott-Railton said.
