ShroudedSnooper  (Back to overview)

In September 2023, Cisco Talos identified a new malware family that it calls ‘HTTPSnoop’ being deployed against telecommunications providers in the Middle East. They also discovered a sister implant to 'HTTPSnoop,’ that they are naming ‘PipeSnoop,’ which can accept arbitrary shellcode from a named pipe and execute it on the infected endpoint. Based on these findings, the researchers assess with high confidence that both implants belong to a new intrusion set that it named ‘ShroudedSnooper.’

Associated Families

There are currently no families associated with this actor.

2023-10-24Sentinel LABSAleksandar Milenkoski, Tom Hegel
The Israel-Hamas War | Cyber Domain State-Sponsored Activity of Interest
2023-09-19Cisco TalosArnaud Zobec, Asheer Malhotra, Caitlin Huey, Sean Taylor, Vitor Ventura
New ShroudedSnooper actor targets telecommunications firms in the Middle East with novel Implants
HTTPSnoop PipeSnoop LightBasin ShroudedSnooper

Credits: MISP Project