Security News > 2024 > May > Iranian hackers pose as journalists to push backdoor malware
The Iranian state-backed threat actor tracked as APT42 is employing social engineering attacks, including posing as journalists, to breach corporate networks and cloud environments of Western and Middle Eastern targets.
Google threat analysts following APT42's operations report that the hackers use malicious emails to infect their targets with two custom backdoors, namely "Nicecurl" and "Tamecat," which provide command execution and data exfiltration capabilities.
Tamecat is a more complex PowerShell backdoor that can execute arbitrary PS code or C# scripts, giving APT42 much operational flexibility to perform data theft and extensive system manipulation.
The full list of Indicators of Compromise for the recent APT42 campaign and YARA rules for detecting the NICECURL and TAMECAT malware can be found at the end of Google's report.
Russian Sandworm hackers pose as hacktivists in water utility breaches.
Russian hackers target German political parties with WineLoader malware.
News URL
Related news
- Hackers Hit Indian Defense, Energy Sectors with Malware Posing as Air Force Invite (source)
- Hackers Target macOS Users with Malicious Ads Spreading Stealer Malware (source)
- China-linked Hackers Deploy New 'UNAPIMON' Malware for Stealthy Operations (source)
- Vietnam-Based Hackers Steal Financial Data Across Asia with Malware (source)
- Iranian MuddyWater Hackers Adopt New C2 Tool 'DarkBeatC2' in Latest Campaign (source)
- Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack (source)
- TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks (source)
- Hackers Target Middle East Governments with Evasive "CR4T" Backdoor (source)
- Hackers hijack antivirus updates to drop GuptiMiner malware (source)
- Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications (source)