
Nazar APT

Posted: May 4, 2020

The Nazar APT is a newly discovered threat actor that was believed to be part of APT37, a China-based Advanced Persistent Threat (APT) group also known as Emissary Panda. Details about Nazar APT's activity and tools were released in the Shadow Brokers leak of 2017, which allowed cybersecurity experts to learn more about Nazar APT, its toolset and its targets.

It appears that the majority of the Nazar APT's targets were located in Iran, and the group's activities can be traced back to 2010. Of course, the criminals have regularly adopted new tools over the years, and they have switched targets as well. One of their key tools is EYService, a backdoor Trojan that appeared to be their top choice for infecting targets in Iran.

It seems that the Nazar APT prioritizes espionage and information theft – their signature backdoor Trojan is able to spy on users, collect information, and even deploy additional payloads. The crooks appear to have relied on public and legitimate tools to help obfuscate their payload – a common strategy that cybercriminals use to increase their product's odds of evading antivirus products.

The Nazar APT appears to have been on the scene for over a decade, but there is very little information about the group's motivations. The 2017 Shadow Brokers leak shed some light on the Nazar APT's actions, but cybersecurity experts are still trying to dig out more data about this threat actor's activities and potential future plans.
