The cyber espionage group has been targeting nations in West Asia and Europe for the past seven years and has shifted its focus to India. Promethium has been stealing confidential information and encrypted communications from devices via software downloads for the past year.
Apparently, the attacks are recognized as ‘state sanctioned’, and cyber security experts have provided two major reasons to back their claims: A. The attacks continue relentlessly even after being exposed by security researchers, which calls the group’s lack of caution into question. B. The attacks are happening at the highest security levels of the internet service providers.
Talos, Cisco’s cyber security intelligence platform, stated in its latest report: “The samples related to StrongPity3 targeted victims in Colombia, India, Canada and Vietnam.” The report continued: “Talos has identified at least three different campaigns since July 2019.”
According to Cisco’s blog, researchers observed at least four new trojanized setup files used by the group: Firefox (a browser), VPNpro (a VPN client), DriverPack (a pack of drivers) and 5kPlayer (a media player).
Talos Intelligence has pointed out that the attacks happen when people download what appear to be legitimate software files; the download instead delivers the malware, which scans the user’s device and then sends out information in the background without the user’s knowledge.