216.73.217.139

Targeted Iranian Attacks Against Iraqi Government Infrastructure

· Published 12/09/2024 08:21 · Modified 12/09/2024 08:24

Export JSON

Essential information

Published
12/09/2024 08:21
Modified
12/09/2024 08:24
Tags
2024-09-12 backdoor cachehttp dns tunneling email c2 government iis module infrastructure iran iraq spearal veaty
Related entities
16 observables, 1 intrusion sets (apt), 11 techniques (mitre), 3 malware, 2 others

Description

Check Point Research uncovered a new malware campaign targeting Iraqi entities, employing custom tools named and . The attack utilizes various techniques including passive IIS backdoors, , and C2 communication via compromised email accounts. The malware shows connections to previously known APT34 malware families like Karkoff, Saitama, and IIS Group 2, which are associated with Iranian intelligence services. The campaign features unique command and control mechanisms and tailored for specific targets. The initial infection vector likely involved social engineering, with malware disguised as document attachments. The actors demonstrated sophisticated techniques to evade detection and maintain persistence within compromised networks.

External references