More about the DeathStalker group, its tactics, techniques, procedures and tools
Unlike the more common state-sponsored APTs, DeathStalker is a small group of mercenaries acting as information brokers
This innovative attack group has been active since at least 2018—possibly since 2012. Targeting law firms and companies in the financial sector, DeathStalker is most likely a group of mercenaries offering hacking-for-hire services or acting as some sort of information broker. Their malware, spread via spear-phishing emails with attached archives containing a malicious LNK file, takes control of the victim’s device to steal sensitive business information.