State-sponsored hackers abuse Slack API to steal airline data (Security News, December 2021)
A suspected Iranian state-supported threat actor is deploying a newly discovered backdoor named 'Aclip' that abuses the Slack API for covert communications.
Slack is well suited to concealing malicious communications: because it is so widely deployed in enterprises, command-and-control traffic to its servers blends in with ordinary business traffic.
Slack isn't the only legitimate messaging platform to be abused for relaying data and commands covertly.
"We confirmed that Slack was not compromised in any way as part of this incident, and no Slack customer data was exposed or at risk. Slack encourages people to be vigilant and to review and enforce basic security measures, including the use of two-factor authentication, ensuring that their computer software and anti-virus software is up to date, creating new and unique passwords for every service they use, and exercising caution when interacting with people they don't know." - Slack.
Aclip receives PowerShell commands from the C2 server via Slack API functions and can be used to execute further commands, send screenshots of the active Windows desktop, and exfiltrate files.
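As an added defender-side example (not code from the article or from the Aclip research), the following Python script shows the kind of endpoint check this behaviour calls for: flag connections to Slack domains made by processes that are not the Slack desktop client or a browser, which is how a PowerShell-driven backdoor stands out even though the destination looks like normal business traffic. The events are constructed samples loosely following Sysmon Event ID 3 field names, and the process allow-list is an assumption to adapt to your own environment.

```python
from collections import Counter

# Constructed sample records, loosely following Sysmon Event ID 3 (network
# connection) field names. Hosts, paths and counts are made up for this example.
SAMPLE_EVENTS = [
    {"Computer": "WS01", "Image": r"C:\Users\alice\AppData\Local\slack\slack.exe",
     "DestinationHostname": "slack.com", "DestinationPort": 443},
    {"Computer": "WS01", "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "DestinationHostname": "slack.com", "DestinationPort": 443},
    {"Computer": "WS01", "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "DestinationHostname": "files.slack.com", "DestinationPort": 443},
    {"Computer": "WS02", "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "DestinationHostname": "app.slack.com", "DestinationPort": 443},
    {"Computer": "WS02", "Image": r"C:\Users\bob\AppData\Roaming\svc.exe",
     "DestinationHostname": "slack.com", "DestinationPort": 443},
]

# Assumed allow-list: processes that legitimately reach Slack in this environment.
EXPECTED_SLACK_CLIENTS = {"slack.exe", "chrome.exe", "msedge.exe", "firefox.exe"}

def basename(image_path):
    """Lower-cased file name of a Windows or POSIX process path."""
    return image_path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def is_slack_destination(hostname):
    """True for slack.com and any of its subdomains (API, file and app hosts)."""
    host = hostname.lower().rstrip(".")
    return host == "slack.com" or host.endswith(".slack.com")

def find_suspicious_slack_clients(events):
    """Events where a process outside the allow-list connects to a Slack domain;
    a backdoor driving PowerShell through the Slack API would appear here."""
    return [
        ev for ev in events
        if is_slack_destination(ev["DestinationHostname"])
        and basename(ev["Image"]) not in EXPECTED_SLACK_CLIENTS
    ]

def summarize_by_process(events):
    """Count suspicious Slack connections per (Computer, process name) for triage."""
    return Counter(
        (ev["Computer"], basename(ev["Image"]))
        for ev in find_suspicious_slack_clients(events)
    )

if __name__ == "__main__":
    for (computer, proc), n in summarize_by_process(SAMPLE_EVENTS).items():
        print(f"{computer}: {proc} made {n} connection(s) to Slack domains")
```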