Researchers uncover a new Iranian malware used in recent cyberattacks (Security News, April 2021)
An Iranian threat actor has unleashed a new cyberespionage campaign against a possible Lebanese target with a backdoor capable of exfiltrating sensitive information from compromised systems.
Cybersecurity firm Check Point attributed the operation to APT34, citing similarities with techniques the threat actor has used previously, as well as its pattern of victimology.
Aside from gathering basic information about the victim's machine, the backdoor establishes connections with a remote server to await additional commands that allow it to download files from the server, upload arbitrary files, and execute shell commands, the results of which are posted back to the server.
Check Point notes that the use of a new backdoor points to the group's ongoing efforts to overhaul and update its payload arsenal in the wake of a 2019 leak of its hacking tools, which also doxxed several officers of the Iranian Ministry of Intelligence who were involved with APT34 operations.
"Iran-backed APT34 shows no sign of slowing down, further pushing its political agenda in the Middle East, with an ongoing focus on Lebanon - using offensive cyber operations," the researchers said.
"While maintaining its modus operandi and reusing old techniques, the group continues to create new and updated tools to minimize the possible detection of their tools by security vendors."