XDSpy
XDSpy is a newly identified cybercrime organization that nevertheless appears to have been active for many years: the group's activity can be traced back to 2011, and its focus is on government and private entities. The group's implants prioritize collecting information from their victims, and the latest iteration of its custom-built malware is known as XDDown. XDDown has a custom modular structure, so the operators can easily expand or shrink its functionality using the pre-made modules XDREcon, XDList, XDUpload, XDLoc, XDPass and XDMonitor.
The hackers from XDSpy operate in the Eastern Europe region, and the majority of their attacks seem to target entities in Belarus. However, their operations have also reached targets in Russia, Moldova, Serbia and Ukraine. Judging by XDSpy's targets and its focus on espionage and data theft, it is safe to assume that this may be a state-sponsored threat actor.
The XDSpy Hackers May Have Been Active for Nearly a Decade
One of the surprising things about XDSpy is that it does not seem to share resources or members with other prominent threat actors operating in Eastern Europe. The majority of its malware is fully custom-built, with no code borrowed from other projects. Furthermore, its network infrastructure is also exclusive to the group; it does not share its servers with other hackers or malware families. Another interesting fact about XDSpy's campaigns is that the criminals in this group appear to keep regular work hours: they only operate Monday to Friday and usually align themselves with their targets' working hours.
The preferred infection vector of the XDSpy group is spear-phishing emails that carry malicious attachments. The hackers usually disguise the malicious file as an LNK, ZIP, RAR or Microsoft Office document. In some cases, the file was hosted on an external server and linked from the email instead of being attached to it.
XDSpy's campaigns are not considered advanced by 2020 standards, and there are plenty of Advanced Persistent Threat (APT) actors that use far more sophisticated implants, servers, exploits and strategies. However, XDSpy is surprisingly efficient with the resources at its disposal, and it is certainly not an organization whose capabilities should be underestimated.