Mobile threats are growing as mobile devices become part of our day-to-day life. Compromising a mobile device gives attackers an all-in-one means of reaching a targeted user's sensitive data.

By hijacking a mobile device, attackers can gain access to sensitive information such as user location, contacts, email, texts, instant messaging app data, and other files.


Most high-profile, large-scale cyber attacks are launched by APT groups from various countries, especially China, Iran, Russia, and North Korea.

“Researchers observed these APT groups pivot to traditional foreign intelligence and/or economic espionage targets. This suggests a more mature, un-siloed and collaborative effort inside different government entities where tools, infrastructure, and intelligence are being shared.”

State-sponsored APT Groups Mobile Malware

New research from BlackBerry researchers details “some already known, ongoing, targeted operations and reveal new intelligence and connections that fill in existing gaps in previously published research.”

The report highlights the tactics and strategies used by threat actor groups to implant mobile malware on targeted devices.

Strategic Assessments

Attackers continue to build a strategy to target smartphones used by both companies and individuals. The strategy is integrated with traditional desktop malware.

Researchers observed Chinese, Vietnamese, Iranian, North Korean and other state-backed groups interested in developing mobile malware for Android and/or iOS.

Many of the governments are interested in spyware to spy on targeted users for political purposes, while the APT groups revolve around foreign intelligence and/or economic targets.

The ability of APT groups to develop surveillance tools has outplayed the security industry's ability to detect the malware at the endpoints.

Tactical Aspects

Researchers tracked the recent mobile espionage campaign under the APT group WINNTI. The campaign targets various global companies, including gaming companies, pharmaceutical giants, industrial manufacturing, chemical companies, and the United States defense industrial base.

Various connected mobile campaigns such as IRON HUSKY, REAVER PWNWIN1 are linked to Chinese state-sponsored APT groups.

Recent Iranian mobile surveillance efforts show a dramatic rise in the sophistication of the mechanisms used to deliver Android malware. The infamous North Korean groups LAZARUS and SCARCRUFT are involved in various cyber-attacks.

The Vietnam-based OCEANLOTUS group has been involved in various campaigns since 2014.

The complete report published by BlackBerry researchers shows how the Chinese, Vietnamese, Iranian, North Korean and other state-backed groups view, implement and execute upon their mobile strategies.

“The mobile space was already under attack for some time. In many regards, mobile surveillance has always been an ingredient of individual nation-state’s APT operations. Attacks on Android and iOS will undoubtedly become more prevalent and blended into traditional desktop-centric operations.”


Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.