April 9, 2024 at 10:45AM
Human rights activists in Morocco and the Western Sahara are being targeted by a new threat actor called Starry Addax. They are using phishing attacks to trick victims into installing fake Android apps and harvesting credentials from Windows users. The actor has been active since January 2024 and is using a novel Android malware called FlexStarling to steal sensitive information and execute commands. Cisco Talos warns that the malicious activity is designed for stealth and long-term presence on devices.
The key takeaways from this report can be summarized as follows:
– Incident: A threat actor named Starry Addax is targeting human rights activists in Morocco and the Western Sahara region using phishing attacks and malware.
– Tactics: The threat actor is using spear-phishing emails to trick victims into installing bogus Android apps or redirecting them to fake social media login pages to harvest credentials.
– Malware: The adversary is deploying a versatile Android malware called FlexStarling, capable of delivering additional malware components and stealing sensitive information from infected devices.
– Stealth Operations: The threat actor’s focus is on stealth and conducting activities under the radar, with bespoke/custom-made components indicating a heavy emphasis on remaining undetected.
– Response: Security researchers at Cisco Talos are actively monitoring the activity and advocating for vigilance, as campaigns targeting high-value individuals typically aim to persist on devices for an extended period.
These takeaways provide a clear understanding of the cyber espionage and malware activities targeting human rights activists in the mentioned regions.