Whispering in the dark

Published 10/06/2025 18:09 · Modified 10/06/2025 19:58

Essential information

Published: 10/06/2025 18:09
Modified: 10/06/2025 19:58
Tags: 2025-06-10 apt backdoor cyberespionage flog iis module iran iraq kurdistan laret pinar primecache rdat reverse tunnel shahmaran slippery snakelet whisper
Related entities: 12 observables, 1 intrusion sets (apt), 17 techniques (mitre), 8 malware, 4 others

Description

ESET researchers uncovered a campaign by BladedFeline, an -aligned group likely tied to OilRig. The group has targeted Kurdish and Iraqi government officials since at least 2017, using various malicious tools including the , , and reverse tunnels. BladedFeline maintains persistent access to high-ranking officials in both the Regional Government and Iraqi government, likely for espionage purposes. The group's toolset includes sophisticated backdoors, webshells, and custom tunneling applications. ESET assesses with medium confidence that BladedFeline is a subgroup of OilRig, based on shared code, targets, and tactics. The campaign also extended to a telecommunications provider in Uzbekistan.

External references