| Category | Details |
|---|---|
| Threat Actors | Iranian state-affiliated group, potentially linked to MOIS and APT34. |
| Campaign Overview | Attacks on Iraqi government infrastructure using the Veaty and Spearal malware families. |
| Target Regions (or Victims) | Iraqi government entities and networks. |
| Methodology | Malware delivery via social engineering, using double-extension files, PowerShell, PyInstaller scripts, and email-based C2. |
| Product Targeted | Iraqi government infrastructure. |
| Malware Reference | Veaty (backdoor), Spearal (backdoor), Karkoff, Saitama, IIS Group 2; associated with APT34. |
| Tools Used | DNS tunneling, email-based C2, passive IIS backdoor, PowerShell, PyInstaller scripts. |
| Vulnerabilities Exploited | Social engineering; bypassing SSL/TLS certificate validation. |
| TTPs | DNS tunneling, C2 over compromised email accounts, file and command upload/download, registry persistence, use of PowerShell. |
| Attribution | Likely linked to Iranian threat actors (APT34, MOIS). |
| Recommendations | Improve email security, monitor DNS traffic for tunneling, enforce certificate validation, enhance C2 traffic detection. |
| Source | Check Point Research (CPR) |
Read full article: https://research.checkpoint.com/2024/iranian-malware-attacks-iraqi-government/
The above summary has been generated by an AI language model