A lesser-known group of pro-government hackers is pushing sophisticated malware
A group calling itself the Syrian Malware Team (SMT) has been spotted carrying out attacks using the sophisticated BlackWorm Remote Access Tool (RAT), with one of the members thought to be responsible for its creation.
According to security vendor FireEye, which identified 11 members of the group, SMT supports the government of Bashir Al-Assad, and even puts the president’s face on its banners.
The group is suspected to have links to the Syrian Electronic Army (SEA), which has been making headlines following a string of successful attacks against e-commerce sites, social networks and media organisations.
According to FireEye, SMT has been active since the beginning of 2011, launching its campaigns months before protests against the Syrian government erupted into a full-scale civil war.
Researchers found at least two distinct versions of the BlackWorm RAT used by the group – the ‘original version’ (v0.3.0) and the ‘Dark Edition’ (v2.1).This nasty strain of malware was created by a prominent developer Naser Al Mutairi (a.k.a. ‘njq8′) from Kuwait, helped by an accomplice known only as ‘Black Mafia’.
And yet his software lives on, enabling the SMT to download and run applications on a target computer, copy files, send direct messages, kill critical windows processes, block specific websites and disable peripherals, among other things.
The group has used these capabilities to do everything from profiling targets to orchestrating attacks themselves.
Some of the social media posts by members of the SMT have led researchers to believe the group is connected to the current Syrian regime, which is led by Al-Assad – a man who has been in power for the past 14 years, following his father who ruled the country for 30 years.
Earlier this month, Kaspersky Labs warned that the number of cyber attacks against Internet users in Syria is growing, with organised groups relying on increasingly complex strains of malware.
What do you know about famous hackers? Take our quiz!