The cybersecurity report reveals the resurgence of the espionage group XDSpy, showcasing its advanced tools and techniques targeting Eastern European and Russian government entities. The campaign exploits a Windows LNK vulnerability (ZDI-CAN-25373) to deploy stealthy malware like XDigo, emphasizing persistent operational security and sophisticated evasion methods. #XDSpy #XDigo #ZDI-CAN-25373
Key points
- XDSpy is a cyber-espionage group that has operated discreetly since 2011 and recently reemerged with advanced tactics.
- The campaign exploits a Windows LNK vulnerability (ZDI-CAN-25373) that lets the attacker obfuscate the command a shortcut runs by padding it with whitespace.
- Spearphishing emails with malicious LNK files initiate the infection, ultimately deploying the XDigo malware implant.
- XDigo is a sophisticated espionage tool that gathers data and exfiltrates it over encrypted channels.
- The campaign demonstrates strong operational security, using infrastructure evasion, credentialing, and reuse of attack methods historically tied to XDSpy.
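To show what a defender can check for, here is an added Python example (not from the report or from XDSpy's tooling) that walks the StringData section of a .lnk file as laid out in MS-SHLLINK and flags COMMAND_LINE_ARGUMENTS that open with a long run of whitespace, the padding pattern attributed to ZDI-CAN-25373 above. The layout constants follow the public specification; the 32-character threshold and the constructed sample shortcut are assumptions.

```python
import struct
from typing import Optional

# LinkFlags bits from MS-SHLLINK 2.1.1; StringData blocks appear in this fixed order
HAS_TARGET_IDLIST, HAS_LINK_INFO, IS_UNICODE = 0x01, 0x02, 0x80
STRING_FLAGS = [0x04, 0x08, 0x10, 0x20, 0x40]  # Name, RelativePath, WorkingDir, Arguments, IconLocation
HAS_ARGUMENTS = 0x20
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
PAD_CHARS = " \t\r\n\x0b\x0c"  # whitespace the shell UI collapses or hides

def parse_lnk_arguments(data: bytes) -> Optional[str]:
    """Return the COMMAND_LINE_ARGUMENTS string of a .lnk file, or None if absent."""
    if len(data) < 0x4C or struct.unpack_from("<I", data, 0)[0] != 0x4C or data[4:20] != LNK_CLSID:
        raise ValueError("not a ShellLink file")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    pos = 0x4C                               # end of the fixed-size ShellLinkHeader
    if flags & HAS_TARGET_IDLIST:            # IDListSize (2 bytes) followed by the IDList
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                # LinkInfoSize counts itself
        pos += struct.unpack_from("<I", data, pos)[0]
    strings = {}
    for flag in STRING_FLAGS:
        if not flags & flag:
            continue
        count = struct.unpack_from("<H", data, pos)[0]   # CountCharacters, not bytes
        pos += 2
        width = 2 if flags & IS_UNICODE else 1
        raw = data[pos:pos + width * count]
        strings[flag] = raw.decode("utf-16-le" if width == 2 else "cp1252")
        pos += width * count
    return strings.get(HAS_ARGUMENTS)

def padding_indicators(args: str, threshold: int = 32) -> dict:
    """Flag arguments whose visible start is only whitespace, hiding the real command."""
    hidden = args.lstrip(PAD_CHARS)
    leading = len(args) - len(hidden)
    nonspace = sorted({c for c in args[:leading] if c != " "})  # \n, \t etc. are never honest padding
    return {"leading_ws": leading, "nonspace_ws": nonspace, "hidden_cmd": hidden,
            "suspicious": leading >= threshold or bool(nonspace)}

def build_lnk(args: str) -> bytes:
    """Constructed fixture: a minimal Unicode .lnk carrying only arguments (no target, so it launches nothing)."""
    header = struct.pack("<I16sI", 0x4C, LNK_CLSID, HAS_ARGUMENTS | IS_UNICODE) + bytes(0x4C - 24)
    return header + struct.pack("<H", len(args)) + args.encode("utf-16-le")

if __name__ == "__main__":
    for sample in (build_lnk("/c echo hello"), build_lnk(" " * 200 + "\n\t" * 50 + "/c echo hidden")):
        print(padding_indicators(parse_lnk_arguments(sample)))
```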