New Campaign Targets Middle East Governments with IronWind Malware
Government entities in the Middle East are the target of new phishing campaigns that are designed to deliver a new initial access downloader dubbed IronWind.
The use of IronWind coincides with consistent updates to the malware delivery mechanisms, which rely on Dropbox links, XLL file attachments, and RAR archives to distribute it.
The use of IronWind is a shift from prior attack chains, which were linked to the propagation of a backdoor codenamed NimbleMamba in intrusions targeting Middle Eastern governments and foreign policy think tanks.
TA402's latest campaigns are characterized by the use of a compromised email account belonging to the Ministry of Foreign Affairs to send phishing lures pointing to Dropbox links that facilitate the deployment of IronWind.
"The ongoing conflict in the Middle East does not appear to have hindered their ongoing operations, as they continue to iterate and use new and clever delivery methods to bypass detection efforts," Miller said.
"Using complex infection chains and drumming up new malware to attack their targets, TA402 continues to engage in extremely targeted activity with a strong focus on government entities based in the Middle East and North Africa."
News URL
https://thehackernews.com/2023/11/new-campaign-targets-middle-east.html