Security News > 2024 > January > Microsoft: Iranian hackers target researchers with new MediaPl malware
Microsoft says that a subgroup of the notorious APT35 Iranian-backed state hackers are targeting high-profile employees of research organizations and universities across Europe and the United States in spearphishing attacks pushing new MediaPL backdoor malware.
MediaPL is a highly sophisticated malware strain designed to compromise the security of researchers and their data. The attackers have specifically targeted individuals involved in cutting-edge research, seeking unauthorized access to sensitive information. Microsoft's dedicated security teams have dissected the malware to better understand its functionality and devise effective countermeasures.
The Iranian hacking group also used never-before-seen NokNok malware in attacks against macOS systems, another backdoor designed to collect, encrypt, and exfiltrate data from compromised Macs.
Another Iranian threat group tracked as APT33 breached defense organizations in extensive password spray attacks targeting thousands of orgs worldwide since February 2023 and was also recently seen attempting to breach defense contractors with new FalseFont malware.
News URL
Related news
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- Iranian hackers charged for ‘hack-and-leak’ plot to influence election (source)
- A Hacker's Era: Why Microsoft 365 Protection Reigns Supreme (source)
- FIN7 hackers launch deepfake nude “generator” sites to spread malware (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- N. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware (source)
- Iranian hackers now exploit Windows flaw to elevate privileges (source)
- Researchers Uncover Hijack Loader Malware Using Stolen Code-Signing Certificates (source)
- Iranian hackers act as brokers selling critical infrastructure access (source)