SOURCE: FireEye, Inc.

February 02, 2015 08:00 ET

FireEye Reveals Threat Group Employed Skype to Steal Military Plans in Syria

Stolen Data Would Provide a Battlefield Advantage for Syrian President Assad's Forces

MILPITAS, CA--(Marketwired - Feb 2, 2015) - FireEye, Inc. (NASDAQ: FEYE), the leader in stopping today's advanced cyber attacks, today released "Behind the Syrian Conflict's Digital Front Lines," a report from the FireEye Threat Intelligence team detailing the activities of a cyber espionage group that stole Syrian opposition's strategies and battle plans. To undertake this operation, the threat group employed a familiar tactic: ensnaring its victims through conversations with seemingly sympathetic and attractive women. As the conversations progressed, the "women" would offer up a personal photo, laden with malware and developed to infiltrate the target's computer or Android phone.

"In the course of our threat research, we found the activity focused on the Syrian opposition that shows another innovative way threat groups have found to gain the advantage they seek," said Nart Villeneuve, senior threat intelligence researcher at FireEye. "While we cannot positively identify who is behind these attacks, we know that they used social media to infiltrate victims' machines and steal military information that would provide an advantage to President Assad's forces on the battlefield."

Between at least November 2013 and January 2014, the group stole a cache of critical documents and Skype conversations revealing the Syrian opposition's strategy, tactical battle plans, supply needs, and troves of personal information and chat sessions. This data belonged to the men fighting against Syrian President Bashar al-Assad's forces as well as media activists, humanitarian aid workers, and others within the opposition located in Syria, the region and beyond.

During analysis by FireEye Threat Intelligence, a unique tactic of the threat group was uncovered. Over the course of a Skype conversation the attacker would ask the victim what type of device he was using to chat. By determining whether it was an Android phone or a computer, the hackers would then send appropriately tailored malware.

FireEye Threat Intelligence has found limited indications about the threat group's origins, but if the data was acquired by President Assad's forces or allies, it would benefit his military efforts.

Stolen data includes:

  • Battle plans and maps
  • Supply needs and routes
  • Weaponry and ammunition lists
  • Personal information of, and chat sessions with, men fighting against President Assad's forces

The full report is available here: https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-behind-the-syria-conflict.pdf.

Indicators of Compromise associated with this activity are available at:
https://github.com/fireeye/iocs/master/BlogPosts.

About FireEye, Inc.

FireEye has invented a purpose-built, virtual machine-based security platform that provides real-time threat protection to enterprises and governments worldwide against the next generation of cyber attacks. These highly sophisticated cyber attacks easily circumvent traditional signature-based defenses, such as next-generation firewalls, IPS, anti-virus, and gateways. The FireEye Threat Prevention Platform provides real-time, dynamic threat protection without the use of signatures to protect an organization across the primary threat vectors and across the different stages of an attack life cycle. The core of the FireEye platform is a virtual execution engine, complemented by dynamic threat intelligence, to identify and block cyber attacks in real time. FireEye has over 2,700 customers across 67 countries, including over 157 of the Fortune 500.

© 2015 FireEye, Inc. All rights reserved. FireEye is a registered trademark or trademark of FireEye, Inc. in the United States and other countries. All other brands, products, or service names are or may be trademarks or service marks of their respective owners.