Iranian Dream Job campaign
Nov. 12, 2024, 12:27 p.m.
Description
An Iranian campaign targeting the aerospace industry has been uncovered, distributing SnailResin malware through a 'dream job' scheme. Attributed to TA455, a subgroup of Charming Kitten, the campaign uses social engineering tactics on LinkedIn, impersonating recruiters to lure victims. The attack employs multi-stage infection chains and DLL side-loading, and leverages legitimate services like Cloudflare and GitHub to evade detection. The campaign has been active since September 2023, constantly evolving its infrastructure and malware. Similarities with North Korean Lazarus Group tactics suggest either impersonation or shared attack methods. The campaign primarily targets aerospace, aviation, and defense industries in the Middle East, especially Israel and the UAE.
Date
- Created: Nov. 12, 2024, 12:11 p.m.
- Published: Nov. 12, 2024, 12:11 p.m.
- Modified: Nov. 12, 2024, 12:27 p.m.
Indicators
Additional Information
- Aerospace
- Defense
- British Indian Ocean Territory
- Albania
- India
- United Arab Emirates
- Israel