216.73.217.80

Iranian Dream Job campaign

Published 12/11/2024 12:11 · Modified 12/11/2024 12:27


Essential information

Tags
2024-11-12 aerospace apt35 charming kitten dll side-loading dream job evasion iran linkedin slugresin snailresin
Related entities
26 observables, 1 intrusion sets (apt), 8 techniques (mitre), 2 malware, 7 others

Description

An Iranian campaign targeting the aerospace industry has been uncovered, distributing malware through a 'Dream Job' scheme. Attributed to TA455, a subgroup of Charming Kitten (APT35), the campaign relies on social engineering on LinkedIn, impersonating recruiters to lure victims. The attack employs multi-stage infection chains and DLL side-loading, and abuses legitimate services such as Cloudflare and GitHub so that its traffic blends in and evades detection. The campaign has been active since September 2023, with its infrastructure and malware evolving continuously. Overlaps with North Korean Lazarus Group tradecraft suggest either deliberate impersonation or shared attack methods. The campaign primarily targets the aerospace, aviation, and defense industries in the Middle East, especially Israel and the UAE.

External references