XDSpy conducts espionage against Russian military-industrial firms

March 12, 2024
XDSpy Cyberespionage Russia Phishing Attack

A new campaign by the cyberespionage group XDSpy is targeting Russian military-industrial enterprises. The group, known primarily for its operations in Eastern Europe, most recently attempted to breach a Russian metallurgical enterprise and a research institute that develops and produces guided missile weapons.

According to a Russian cybersecurity provider, the attackers sent phishing emails impersonating a nuclear weapons research institute to gain initial access to their targets. The lure continues a pattern seen earlier this year, when the group posed as Russia’s Ministry of Emergency Situations and distributed malicious PDF attachments in phishing emails.

The researchers have yet to confirm whether the November campaign succeeded in breaching systems or exfiltrating data from the Russian targets. They nonetheless assess that Russia remains XDSpy’s primary focus, pointing to earlier attacks on the country’s government, military, financial institutions, and energy, research and mining companies.

XDSpy remains one of the most elusive hacking groups and has challenged numerous researchers.

Despite its years-long history, limited visibility into XDSpy’s activity makes the group difficult to track. A Slovak cybersecurity firm has monitored the group since 2020, but lost direct visibility into attacks in Russia and Belarus after withdrawing from those markets. It detected the group again when XDSpy attacked a Ukrainian aerospace company, in an intrusion that followed a pattern similar to the one described by the Russian researchers earlier this month.

The researchers also emphasised the group’s consistent spear-phishing campaigns against strategic organisations in Eastern Europe. Although its toolkit is not highly sophisticated, XDSpy maintains strong operational security, which has made it difficult to attribute the group to a specific country.

They also noted the group’s effort to obfuscate its implants in order to evade security products, an effort that has largely succeeded even though researchers have tracked its operations over an extended period.

The uncertainty about who sponsors XDSpy adds a further layer of complexity to efforts to curb its espionage. As authorities and security vendors investigate this evolving threat, the activity of state-backed groups like XDSpy should prompt organisations to share intelligence and coordinate their defences so that such campaigns are detected and stopped before they succeed.
