ESET researchers, along with previous researches by Citizen Labs and International Amnesty, has discovered a spyware dissemination campaign.
It has been determined that the Stealth Falcon group is responsible for this campaign. After the investigation, possible links with the Project Raven group have been shown, being able to be both groups the same.
The modus operandi of this campaign was through a malicious attachment received by email. Once it ran on the target machine, the malware was installed and set up a PowerShell-based backdoor to communicate with the Command and Control (C&C) server.
The peculiarity of this malware lies in the use of the Windows Background Intelligent Transfer Service (BITS), which allows the transfer speed to be adjusted according to the available bandwidth. This type of service is commonly used in programs designed to work in the background.