Forges Recruitment Sites, Launches Attacks on Aerospace and Semiconductor Industries in Multiple Countries
Dec. 4, 2024, 9:44 p.m.
Description
In this analysis, researchers have uncovered a malicious campaign orchestrated by APT35, a threat group believed to be affiliated with the Islamic Revolutionary Guard Corps (IRGC) of Iran. The group has been observed using forged recruitment sites and corporate sites to target the aerospace and semiconductor industries across multiple countries, including the United States, Thailand, the United Arab Emirates, and Israel. The attackers lure victims into downloading and executing malicious programs presented as tools for site access or VPN access. The campaign leverages legitimate internet resources such as OneDrive, Google Cloud, and GitHub, and employs various tactics to evade detection and support its operations. The detailed report provides an in-depth examination of the attack methods, infrastructure, and indicators of compromise (IOCs) associated with this campaign.
Date
Published: Dec. 4, 2024, 8:41 p.m.
Created: Dec. 4, 2024, 8:41 p.m.
Modified: Dec. 4, 2024, 9:44 p.m.
Indicators
Attack Patterns
APT35
T1134.002
T1558.003
T1050
T1222.001
T1195.002
T1567.002
T1071.004
T1053.005
T1197
T1574.002
T1497.001
T1059.003
T1059.001
T1059.007
T1071.001
T1036.005
T1566.001
T1219
Additional Information
Aerospace
Semiconductor
United Arab Emirates
Thailand
Israel
United States of America