216.73.216.174

UNC1860 and the Temple of Oats: Iran’s Hidden Hand in Middle Eastern Networks

· Published 20/09/2024 11:10 · Modified 20/09/2024 11:36

Export JSON

Essential information

Published
20/09/2024 11:10
Modified
20/09/2024 11:36
Tags
2024-09-20 basewalk oatboat unc1860
Related entities
1 vulnerabilities (cve), 22 observables, 1 intrusion sets (apt), 19 techniques (mitre), 16 malware, 7 others

Description

is an Iranian state-sponsored threat actor likely affiliated with Iran's Ministry of Intelligence and Security. It employs specialized tools and passive backdoors to gain initial access and persistent network access, particularly targeting government and telecommunications sectors in the Middle East. The group's capabilities include providing initial access for other actors, using GUI-operated malware controllers, and maintaining a diverse collection of passive implants. 's arsenal includes utilities for defense evasion, kernel-level drivers, and custom implementations of encryption methods. The actor demonstrates advanced Windows OS knowledge and reverse engineering skills, making it a formidable threat capable of supporting various objectives from espionage to network attacks.

External references