
Iranian hackers APT34 use LinkedIn to deliver a backdoor

The APT34 group, which is associated with the Iranian government, continues its espionage campaigns and is now using LinkedIn to deliver a backdoor.

According to a report by FireEye experts, the attackers pose as a researcher from Cambridge and invite the victims to join their group. A malicious xls file is sent to these users along with the invitation.

“In late June, FireEye researchers discovered the APT34 phishing campaign. We have identified three main differences of this cyber operation. First, intruders seem to be Cambridge experts to gain user confidence. Secondly, LinkedIn is used to deliver malicious documents. Third, APT34 has added three new malicious programs to its arsenal”, the FireEye report said.

The attacks also used the Pickpocket tool, designed to steal credentials from browsers.


APT34's main targets were organizations in the oil, gas and energy sectors; the attackers also targeted government organizations.

The malicious document ERFT-Details.xls was used as a dropper, and the lure was the offer of a job on the Cambridge research team.

In the final phase, the Tonedeaf backdoor is installed on the victim’s computer. It communicates with the command-and-control (C&C) server using HTTP GET and POST requests. The malware supports several commands that allow it to collect system information, upload and download files, and execute shell commands.

Recall that the APT34 group is also known as OilRig, HelixKitten and Greenbug.

“With increasing geopolitical tensions in the Middle East, we expect Iran to significantly increase the volume and scope of its cyber espionage campaigns. Iran has a critical need for strategic intelligence and is likely to fill this gap by conducting espionage against decision makers and key organizations that may have information that furthers Iran’s economic and national security goals. We recommend organizations remain vigilant in their defenses, and remember to view their environment holistically when it comes to information security”, FireEye specialists conclude.

Polina Lisovskaya

I have worked as a marketing manager for years now and love searching for interesting topics for you.
