
Iranian Hackers' Sophisticated Malware Targets Windows and macOS Users
2023-07-06 18:06

The Iranian nation-state actor known as TA453 has been linked to a new set of spear-phishing attacks that infect both Windows and macOS operating systems with malware.

"TA453 eventually used a variety of cloud hosting providers to deliver a novel infection chain that deploys the newly identified PowerShell backdoor GorjolEcho," Proofpoint said in a new report.

"When given the opportunity, TA453 ported its malware and attempted to launch an Apple flavored infection chain dubbed NokNok. TA453 also employed multi-persona impersonation in its unending espionage quest."

TA453, also known by the names APT35, Charming Kitten, Mint Sandstorm, and Yellow Garuda, is a threat group linked to Iran's Islamic Revolutionary Guard Corps that has been active since at least 2011.

The modules "mirror a majority of the functionality" of those associated with CharmPower, and NokNok shares some source code overlaps with macOS malware previously attributed to the group in 2017.

"TA453 continues to adapt its malware arsenal, deploying novel file types, and targeting new operating systems," the researchers said, adding that the actor "continues to work toward its same end goals of intrusive and unauthorized reconnaissance" while simultaneously complicating detection efforts.

News URL

https://thehackernews.com/2023/07/iranian-hackers-sophisticated-malware.html