Iranian hackers pose as journalists to push backdoor malware
Security News, May 2024

The Iranian state-backed threat actor tracked as APT42 is employing social engineering attacks, including posing as journalists, to breach corporate networks and cloud environments of Western and Middle Eastern targets.
Google threat analysts following APT42's operations report that the hackers use malicious emails to infect their targets with two custom backdoors, namely "Nicecurl" and "Tamecat," which provide command execution and data exfiltration capabilities.
Tamecat, the more complex of the two, is a PowerShell backdoor that can execute arbitrary PowerShell code or C# scripts, giving APT42 considerable operational flexibility for data theft and extensive system manipulation.
The full list of Indicators of Compromise for the recent APT42 campaign and YARA rules for detecting the NICECURL and TAMECAT malware can be found at the end of Google's report.