DeathStalker

  • First known sample

    2012
  • Discovery

    2020
  • Current status

    Active
  • Type

    Mercenary/Hacker-for-hire group
  • Targeted platforms

    Windows
  • Top targeted countries

    China, Cyprus, India, Israel, Jordan, Lebanon, Russia, Switzerland, Taiwan, Turkey, United Arab Emirates, Argentina, The United Kingdom
  • The way of propagation

    Spear-phishing emails
  • Purpose/Functions

    Corporate espionage
  • Special features

    Rather than being a more common state-sponsored APT, DeathStalker is a small group of mercenaries acting as information brokers.

  • Targets

    Financial technology companies, Law offices, Wealth consultancy firms, Financial sector
  • Description

    This innovative attack group has been active since at least 2018—possibly since 2012. Targeting law firms and companies in the financial sector, DeathStalker is most likely a group of mercenaries offering hacking-for-hire services or acting as some sort of information broker. Their malware, spread via spear-phishing emails with attached archives containing a malicious LNK file, takes control of the victim’s device to steal sensitive business information.
