Syrian cyberspies have stolen data including battle plans, supply routes and ammunition lists in a bid to give Syrian President Bashar al-Assad’s forces the upper hand on the battlefield.
That's according to the FireEye threat intelligence team, which has released a report: “Behind the Syrian Conflict’s Digital Front Lines".
The report details the activities of a cyber-espionage group that stole Syrian opposition’s strategies and battle plans.
To undertake this operation, the threat group employed a familiar tactic: ensnaring its victims through conversations with seemingly sympathetic and attractive women. As the conversations progressed, the “women” would offer up a personal photo, laden with malware and developed to infiltrate the target’s computer or Android phone.
FireEye senior threat intelligence researcher, Nart Villeneuve, said the research found the activity focused on the Syrian opposition that showed another innovative way threat groups had found to gain the advantage they sought.
“While we cannot positively identify who is behind these attacks, we know that they used social media to infiltrate victims’ machines and steal military information that would provide an advantage to President Assad’s forces on the battlefield,” he said.
According to the report, between at least November 2013 and January 2014, the group stole a cache of critical documents and Skype conversations revealing the Syrian opposition’s strategy, tactical battle plans, supply needs, and troves of personal information and chat sessions.
This data belonged to the men fighting against Syrian President Bashar al-Assad’s forces as well as media activists, humanitarian aid workers, and others within the opposition located in Syria, the region and beyond.
During analysis by FireEye Threat Intelligence, a unique tactic of the threat group was uncovered.
Over the course of a Skype conversation the attacker would ask the victim what type of device he was using to chat.
By determining whether it was an Android phone or a computer, the hackers would then send appropriately tailored malware.
FireEye Threat Intelligence has found limited indications about the threat group’s origins, but if the data was acquired by President Assad’s forces or allies, it would benefit his military efforts.