Iranian Hackers Utilize ScreenConnect to Spy On UAE, Kuwait Government Agencies
2021-02-11 21:33

UAE and Kuwait government agencies are targets of a new cyberespionage campaign potentially carried out by Iranian threat actors, according to new research.

Attributing the operation to Static Kitten, Anomali said the "Objective of this activity is to install a remote management tool called ScreenConnect with unique launch parameters that have custom properties," with malware samples and URLs masquerading as the Ministry of Foreign Affairs of Kuwait and the UAE National Council.

Anomali said it spotted two separate lure ZIP files hosted on Onehub that claimed to contain a report on relations between Arab countries and Israel or a file relating to scholarships.

"The URLs distributed through these phishing emails direct recipients to the intended file storage location on Onehub, a legitimate service known to be used by Static Kitten for nefarious purposes," the researchers noted, adding "Static Kitten is continuing to use Onehub to host a file containing ScreenConnect."

The attack begins with a phishing email that directs users to a downloader URL pointing to these ZIP files. Opening the file launches the installation process for ScreenConnect, which is subsequently used to communicate with the adversary.

"In this latest example, Static Kitten is very likely using features of ScreenConnect to steal sensitive information or download malware for additional cyber operations."


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/jyqjJugp1-g/iranian-hackers-utilize-screenconnect.html