The APT group known as StrongPity is back with a new watering-hole campaign, targeting mainly Kurdish victims in Turkey and Syria. The malware it serves gives operators the ability to search for and exfiltrate any file or document from a victim's machine. The spy malware is delivered via a complex infrastructure with multiple layers, in an effort to avoid analysis. The group uses a multi-tiered C2 infrastructure, in the form of different sets of proxy servers, to cover its tracks and thwart forensic investigation.
Source: https://threatpost.com/strongpity-kurdish-watering-hole-attacks/157029/

