UNC1860 and the Temple of Oats: Iran’s Hidden Hand in Middle Eastern Networks

NetmanageIT OpenCTI - opencti.netmanageit.com


SUMMARY:

UNC1860 is an Iranian state-sponsored threat actor likely affiliated with Iran's Ministry of Intelligence and Security. It employs specialized tools and passive backdoors to gain initial access and maintain persistent network access, particularly targeting government and telecommunications sectors in the Middle East. The group's capabilities include providing initial access for other actors, using GUI-operated malware controllers, and maintaining a diverse collection of passive implants. UNC1860's arsenal includes utilities for defense evasion, kernel-level drivers, and custom implementations of encryption methods. The actor demonstrates advanced Windows OS knowledge and reverse engineering skills, making it a formidable threat capable of supporting various objectives from espionage to network attacks.

OPENCTI LABELS:

oatboat, basewalk, unc1860

