Forges Recruitment Sites, Launches Attacks on Aerospace and Semiconductor Industries in Multiple Countries
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY:
In this analysis, researchers have uncovered a malicious campaign orchestrated by APT35, a threat group believed to be affiliated with the Islamic Revolutionary Guard Corps (IRGC) of Iran. The group has been observed using forged recruitment sites and corporate sites to target the aerospace and semiconductor industries across multiple countries, including the United States, Thailand, the United Arab Emirates, and Israel. The attackers lure victims into downloading and executing malicious processes under the guise of site access or VPN access. The campaign leverages legitimate internet resources such as OneDrive, Google Cloud, and GitHub, and employs various tactics to evade detection and facilitate its operations. The detailed report provides an in-depth examination of the attack methods, infrastructure, and indicators of compromise (IOCs) associated with this campaign.
OPENCTI LABELS:
cyber espionage, middle east, targeted attacks, signedconnection.exe, semiconductor industry, secur32.dll, aerospace industry, qt5core.dll, msvcp.dll