Iranian APT Targets Govs With New Malware
Researchers have attributed the campaign to a known Iranian advanced persistent threat group.
As part of the campaign, researchers observed multiple emails using malicious attachments to gain initial access.
"The threat actors used a list of valid user accounts from the target domain in conjunction with a weak password list to determine potentially accessible accounts," said researchers.
Researchers say that in spite of Iran's threatened retaliation for recent geopolitical events, this campaign indicates that Iranian APTs continue to focus on "long-running cyberespionage activity." Conflict between the U.S. and Iran peaked after U.S. drones on Jan. 3 killed Qassem Soleimani, an Iranian general with the Islamic Revolutionary Guard Corps who was highly esteemed in Iran.
"From a threat management and risk assessment perspective, CTU researchers advise organizations not to conflate ongoing espionage operations with a retaliatory response," said researchers.
News URL
https://threatpost.com/iranian-apt-targets-govs-with-new-malware/153162/