“In late June, FireEye researchers discovered the APT34 phishing campaign. We have identified three main differences of this cyber operation. First, intruders seem to be Cambridge experts to gain user confidence. Secondly, LinkedIn is used to deliver malicious documents. Third, APT34 has added three new malicious programs to its arsenal”, the FireEye report said.
The attacks also used the Pickpocket tool, designed to steal credentials from browsers.
The main targets of APT34 were in the oil, energy and gas sectors, and the criminals also attacked state organizations.
The malicious document ERFT-Details.xls was used as a dropper, and the lure was the opportunity to get a job on the Cambridge research team.
In the final phase, the Tonedeaf backdoor is installed on the victim’s computer; it communicates with the command-and-control (C&C) server using HTTP GET and POST requests. The malware supports several commands that allow it to collect system information, upload and download files, and execute shell commands.
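The page only states that the backdoor polls its C&C server over plain HTTP GET and POST; it gives no domains, paths or timings. The following is an added illustration (not code from the FireEye report or the article) of the generic check a defender can run over web-proxy logs for that pattern: a client that contacts one host at a near-constant interval. The log format, client addresses, hostnames and timestamps below are constructed; `find_beacons`, `parse_log` and the thresholds are assumptions, not indicators published for this campaign.

```python
"""Beaconing heuristic over constructed web-proxy log lines.

Added illustration, not code from the FireEye report: the article only says
the backdoor talks to its C&C server with HTTP GET/POST, so this flags any
client that polls one host at a near-constant interval. Log format, hosts
and timings are constructed; no real APT34 indicators appear here.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log, one request per line:
# "<ISO timestamp> <client ip> <method> <host> <path>"
SAMPLE_LOG = """\
2019-07-01T10:00:00 10.0.0.5 GET example-c2.invalid /api/check
2019-07-01T10:00:03 10.0.0.7 GET intranet.invalid /index.html
2019-07-01T10:05:00 10.0.0.5 POST example-c2.invalid /api/check
2019-07-01T10:10:01 10.0.0.5 GET example-c2.invalid /api/check
2019-07-01T10:11:40 10.0.0.7 GET intranet.invalid /news.html
2019-07-01T10:15:00 10.0.0.5 GET example-c2.invalid /api/check
2019-07-01T10:19:59 10.0.0.5 POST example-c2.invalid /api/check
2019-07-01T10:25:00 10.0.0.5 GET example-c2.invalid /api/check
2019-07-01T10:42:13 10.0.0.7 GET intranet.invalid /index.html
2019-07-01T11:03:05 10.0.0.7 GET intranet.invalid /search
"""


def parse_log(text):
    """Yield (timestamp, client, method, host, path) for each non-empty line."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, method, host, path = line.split()
        yield datetime.fromisoformat(ts), client, method, host, path


def find_beacons(text, min_requests=5, max_cv=0.1):
    """Return {(client, host): summary} for pairs whose request spacing is regular.

    cv = population stdev / mean of the gaps between consecutive requests.
    A cv close to zero means fixed-interval polling, which is how a backdoor
    checking in for commands tends to look; human browsing is bursty.
    Thresholds (min_requests, max_cv) are assumptions for this illustration.
    """
    times = defaultdict(list)
    methods = defaultdict(set)
    for ts, client, method, host, _path in parse_log(text):
        times[(client, host)].append(ts)
        methods[(client, host)].add(method)

    hits = {}
    for key, stamps in times.items():
        if len(stamps) < min_requests:
            continue  # too few requests to judge regularity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg else 0.0
        if cv <= max_cv:
            hits[key] = {
                "requests": len(stamps),
                "mean_gap_s": round(avg, 1),
                "cv": round(cv, 3),
                "methods": sorted(methods[key]),
            }
    return hits


if __name__ == "__main__":
    for (client, host), info in find_beacons(SAMPLE_LOG).items():
        print(f"{client} -> {host}: {info}")
```

On the constructed sample, only the 10.0.0.5 client is reported: six requests to one host about 300 seconds apart with a coefficient of variation near zero, mixing GET and POST as the text describes. The other client's irregular browsing is ignored. In practice the same grouping is run over a full day of proxy or firewall logs, and hits are triaged by host reputation and by what the client process is.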
Recall that the APT34 group is also known as OilRig, HelixKitten and Greenbug.
“With increasing geopolitical tensions in the Middle East, we expect Iran to significantly increase the volume and scope of its cyber espionage campaigns. Iran has a critical need for strategic intelligence and is likely to fill this gap by conducting espionage against decision makers and key organizations that may have information that furthers Iran’s economic and national security goals. We recommend organizations remain vigilant in their defenses, and remember to view their environment holistically when it comes to information security”, FireEye specialists conclude.