
Iranian hackers APT34 use LinkedIn to deliver a backdoor

The cybercrime group APT34, which is associated with the Iranian government, continues its espionage campaigns, now using LinkedIn to deliver a backdoor.

According to the report by FireEye experts, the attackers pose as a researcher from Cambridge and invite the victims to join their group. A malicious xls file is then sent to these users.

“In late June, FireEye researchers discovered the APT34 phishing campaign. We have identified three main differences of this cyber operation. First, intruders seem to be Cambridge experts to gain user confidence. Secondly, LinkedIn is used to deliver malicious documents. Third, APT34 has added three new malicious programs to its arsenal”, the FireEye report said.

The attacks also used the Pickpocket tool, designed to steal credentials from browsers.


The main targets of APT34 were in the oil, energy and gas sectors, and the criminals also attacked government organizations.

The malicious document ERFT-Details.xls was used as a dropper, and the lure was the opportunity to get a job on the Cambridge research team.

In the final phase, the Tonedeaf backdoor is installed on the victim’s computer; it communicates with its C&C server using HTTP GET and POST requests. The malware supports several commands that allow it to collect system information, upload and download files, and execute shell commands.
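A backdoor that talks to its C&C server over plain HTTP GET and POST requests tends to leave a regular rhythm in proxy logs. The script below is an added defender-side example, not code from the article or from FireEye, and it knows nothing about Tonedeaf's actual URLs or hosts: it parses a few constructed proxy log lines (the host `c2.example.invalid` and the client `10.0.0.12` are made-up placeholders) and flags client/host pairs whose GET/POST timing is unusually regular, which is one generic way to surface HTTP beaconing for further investigation.

```python
"""Flag periodic HTTP GET/POST traffic (beaconing) in proxy logs.

Added example for illustration; log lines and hosts are constructed,
not indicators from the article or the FireEye report.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log. Fields: ISO timestamp, client IP, HTTP method,
# destination host, path, status code. One client polls a placeholder host
# roughly every 60 seconds, mixed with ordinary, irregular browsing.
SAMPLE_LOG = """\
2019-07-01T09:00:00 10.0.0.12 GET c2.example.invalid /api/check 200
2019-07-01T09:00:03 10.0.0.12 GET www.example.org / 200
2019-07-01T09:01:00 10.0.0.12 POST c2.example.invalid /api/result 200
2019-07-01T09:01:47 10.0.0.12 GET cdn.example.org /lib.js 200
2019-07-01T09:02:01 10.0.0.12 GET c2.example.invalid /api/check 200
2019-07-01T09:03:00 10.0.0.12 POST c2.example.invalid /api/result 200
2019-07-01T09:03:22 10.0.0.12 GET www.example.org /news 200
2019-07-01T09:04:00 10.0.0.12 GET c2.example.invalid /api/check 200
2019-07-01T09:05:01 10.0.0.12 GET c2.example.invalid /api/check 200
2019-07-01T09:09:13 10.0.0.12 GET www.example.org /about 200
"""


def parse_log(text):
    """Turn whitespace-separated log lines into a list of dicts."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, method, host, path, status = line.split()
        records.append({
            "ts": datetime.fromisoformat(ts),
            "src": src,
            "method": method,
            "host": host,
            "path": path,
            "status": int(status),
        })
    return records


def find_beacons(records, min_requests=5, max_cv=0.2):
    """Return client/host pairs whose GET/POST timing is suspiciously regular.

    cv is the coefficient of variation (stdev / mean) of the gaps between
    consecutive requests. A low cv means near-constant spacing. Real implants
    often add jitter, so the thresholds are starting points for tuning.
    """
    by_pair = defaultdict(list)
    for r in records:
        if r["method"] in ("GET", "POST"):
            by_pair[(r["src"], r["host"])].append(r["ts"])

    hits = []
    for (src, host), stamps in by_pair.items():
        if len(stamps) < min_requests:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            hits.append({
                "src": src,
                "host": host,
                "requests": len(stamps),
                "mean_interval_s": round(avg, 1),
                "cv": round(cv, 3),
            })
    return hits


if __name__ == "__main__":
    for hit in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"{hit['src']} -> {hit['host']}: {hit['requests']} requests, "
              f"~{hit['mean_interval_s']}s apart (cv={hit['cv']})")
```

On the constructed log the only pair that survives the filters is the placeholder host, polled six times about 60 seconds apart; the ordinary browsing is dropped because it is both infrequent and irregular. In practice this kind of timing check is a triage aid that should be combined with destination reputation and content inspection, since legitimate software updaters also poll on fixed schedules.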

Recall that the APT34 group is also known as OilRig, HelixKitten and Greenbug.

“With increasing geopolitical tensions in the Middle East, we expect Iran to significantly increase the volume and scope of its cyber espionage campaigns. Iran has a critical need for strategic intelligence and is likely to fill this gap by conducting espionage against decision makers and key organizations that may have information that furthers Iran’s economic and national security goals. We recommend organizations remain vigilant in their defenses, and remember to view their environment holistically when it comes to information security”, conclude FireEye specialists.

Polina Lisovskaya

I have worked as a marketing manager for years now and love searching for interesting topics for you.
