Targeted Iranian Attacks Against Iraqi Government Infrastructure
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY:
Check Point Research uncovered a new malware campaign targeting Iraqi government entities that employs two custom tools, Veaty and Spearal. The attack uses several techniques, including passive IIS backdoors, DNS tunneling, and C2 communication over compromised email accounts. The malware shows connections to previously documented APT34 families such as Karkoff, Saitama, and IIS Group 2, which are associated with Iranian intelligence services. The campaign features unique command-and-control mechanisms and infrastructure tailored to specific targets. The initial infection vector likely involved social engineering, with the malware disguised as document attachments. The actors demonstrated sophisticated techniques to evade detection and maintain persistence within compromised networks.
OPENCTI LABELS:
backdoor, iran, government, infrastructure, dns tunneling, spearal, email c2, veaty, cachehttp, iis module, iraq