Libyan Scorpions
Description
(Cyberkov) In the past weeks on 6 August 2016, Cyberkov Security Incident Response Team (CSIRT) received a numerous Android malwares operating in different areas in Libya especially in Tripoli and Benghazi.
The malware spreads very fast using Telegram messenger application in smartphones, targeting high-profile Libyan influential and political figures.
The malware first discovery was after a highly Libyan influential Telegram account compromised via webTelegram using IP address from Spain.
Analysis of this incident led us to believe that this operation and the group behind it which we call Libyan Scorpions is a malware operation in use since September 2015 and operated by a politically motivated group whose main objective is intelligence gathering, spying on influentials and political figures and operate an espionage campaign within Libya.
Also, the analysis of the incident led to the discovery of multiple malwares targeting Android and Windows machines.
Libyan Scorpions threat actors used a set of methods to hide and operate their malwares. They appear not to have highly technical skills but a good social engineering and phishing tricks. The threat actors are not particularly sophisticated, but it is well-understood that such attacks don’t need to be sophisticated in order to be effective.
Names
| Name | Name-Giver |
|---|---|
| Libyan Scorpions | Cyberkov |
Country
Motivation
- Information theft and espionage
First Seen
2015
Observed Sectors
Observed Countries
Tools
Information
Other Information
Uuid
8eeb8aa6-2d2b-4476-8b5d-21633fe03ec1
Last Card Change
2020-04-14