Security News > 2020 > January > Iranian Hackers Target U.S. Gov. Vendor With Malware
Researchers at Intezer uncovered the campaign after detecting a malicious file in January, purporting to be an employee satisfaction survey for Westat employees and customers.
"The technical analysis of the new malware variants reveals this Iranian government-backed group has invested substantial efforts into upgrading its toolset in an attempt to evade future detection."
The downloaded executable file is actually a new version of the TONEDEAF malware, a backdoor commonly used by APT34 as a custom tool.
TONEDEAF 2.0, as researchers call it, serves the same purpose as the original malware, with the same general flow and functionality.
"In contrast to the original TONEDEAF, TONEDEAF 2.0 contains solely arbitrary shell execution capabilities, and doesn't support any predefined commands. It's also more stealthy and contains new tricks such as dynamic importing, string decoding and a victim deception method," researchers said.
News URL
https://threatpost.com/iran-hackers-us-gov-malware/152452/
Related news
- Russia-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware (source)
- Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer (source)
- Hacker infects 18,000 "script kiddies" with fake malware builder (source)
- North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS (source)
- Hackers exploit SimpleHelp RMM flaws to deploy Sliver malware (source)
- North Korean hackers spotted using ClickFix tactic to deliver malware (source)
- North Korean Hackers Target Freelance Developers in Job Scam to Deploy Malware (source)
- Chinese hackers use custom malware to spy on US telecom networks (source)