Encryption has brought with it the promise of self-controlled privacy. And not only have encryption advocates developed effective encryption software and shared it over open source channels, but computer users are taking the time to learn its use and install these software packages in higher numbers than ever.
Along with this increased adoption of encryption technologies came the attention of cyber-espionage actors this summer. Even with what seemed to be a narrow focus, they were willing to attack anyone with an interest in downloading one of a couple of open source encryption installers. Watering holes and poisoned installers are the name of the game here. Like the Darkhotel worms we saw spreading arbitrarily across Asian nations, watering holes also affect arbitrary targets. In this case, European nations were hit, with watering holes affecting large numbers of systems in Italy and Belgium, as well as systems in other countries.
We will describe the watering holes and the time frame of activity, examine how far these attacks reached throughout Europe over the summer, and present some characteristics of the malware used by an actor we call StrongPity.