Speagle Malware Hijacks Cobra DocGuard to Steal Data via Compromised Servers
"Speagle is designed to surreptitiously harvest sensitive information from infected computers and transmit it to a Cobra DocGuard server that has been compromised by the attackers, masking the data exfiltration process as legitimate communications between client and server."
"This indicates deliberate targeting, possibly to facilitate intelligence collection or industrial espionage. At present, we believe the most likely hypotheses are that it is either the work of a state-sponsored actor or the work of a private contractor available for hire."
"Cobra DocGuard is a document security and encryption platform developed by EsafeNet. The abuse of this software in real-world attacks has been publicly recorded twice to date, including intrusions in Hong Kong targeting gambling companies and multiple Asian organizations."
Speagle is a newly discovered malware that abuses Cobra DocGuard, a legitimate document security platform by EsafeNet. The malware specifically targets systems with Cobra DocGuard installed, harvesting sensitive information and transmitting it through compromised servers while disguising the data theft as normal client-server communication. This deliberate targeting suggests intelligence collection or industrial espionage. Cobra DocGuard has been abused in previous attacks, including a 2022 breach of a Hong Kong gambling company via malicious updates and the 2023 Carderbee attacks that deployed PlugX backdoors. Speagle remains unattributed but is suspected to be the work of a state-sponsored actor or a contractor for hire, and is likely delivered through supply chain attacks.
Read at The Hacker News