Targeted Iranian Attacks Against Iraqi Government Infrastructure
Sept. 12, 2024, 8:24 a.m.
Description
Check Point Research uncovered a malware campaign targeting Iraqi government entities that uses two custom tools, Veaty and Spearal. The intrusion set combines passive IIS backdoors, DNS tunneling, and command-and-control (C2) traffic relayed through compromised email accounts. The tooling overlaps with previously documented APT34 malware families (Karkoff, Saitama, and IIS Group 2), which are attributed to Iranian intelligence services. The campaign features distinctive C2 mechanisms and infrastructure tailored to individual targets. The initial infection vector was most likely social engineering, with the malware disguised as document attachments. The actors used a range of techniques to evade detection and maintain persistence in compromised networks.
Tags
Date
- Created: Sept. 12, 2024, 8:21 a.m.
- Published: Sept. 12, 2024, 8:21 a.m.
- Modified: Sept. 12, 2024, 8:24 a.m.
Indicators
- e733b9444106ca37c3ef9e207ac6c813b787614496b275c1a455fccc3aca1c4a
- 9793ea98b7fbd43f0a7273594d7b4e53338048c651c33fbfdbeb1cc275957996
- a9c92b29ee05c1522715c7a2f9c543740b60e36373cb47b5620b1f3d8ad96bfa
- 3ab29bc71ddd272f33f17c5108c044a570610c06ccba16cde1a4aa67b1524a8b
- 91.132.95.117
- 37.1.213.152
- 206.206.123.176
- 194.68.32.114
- 185.76.78.177
- 151.236.17.231
- mail.miicrosoft.com
- spacenet.fun
- mofaiq.com
- gov-iq.net
- iqwebservice.com
- asiacall.net
Additional Information
- Government
- Iraq
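An added example, not part of the original report, showing how a defender would sweep logs for the indicators listed above. Hashes, IPs and domains are taken verbatim from the Indicators section; the DNS queries, proxy lines and file hashes it scans are constructed sample data, not observed traffic. Domains are matched by suffix as well as exact name, because DNS tunneling to a C2 domain shows up as a stream of distinct, data-bearing subdomains rather than a single lookup, and the final function flags that pattern per client. The threshold of three distinct subdomains is an assumption chosen for the sample, not a value from the report.

```python
"""IOC sweep for the Veaty/Spearal report: match the listed hashes, IPs and
domains against constructed sample logs, and flag DNS-tunneling-style
query volume to the listed domains."""
import re
from collections import defaultdict

# Indicators as listed in the report above.
SHA256 = {
    "e733b9444106ca37c3ef9e207ac6c813b787614496b275c1a455fccc3aca1c4a",
    "9793ea98b7fbd43f0a7273594d7b4e53338048c651c33fbfdbeb1cc275957996",
    "a9c92b29ee05c1522715c7a2f9c543740b60e36373cb47b5620b1f3d8ad96bfa",
    "3ab29bc71ddd272f33f17c5108c044a570610c06ccba16cde1a4aa67b1524a8b",
}
IPS = {"91.132.95.117", "37.1.213.152", "206.206.123.176",
       "194.68.32.114", "185.76.78.177", "151.236.17.231"}
DOMAINS = {"mail.miicrosoft.com", "spacenet.fun", "mofaiq.com",
           "gov-iq.net", "iqwebservice.com", "asiacall.net"}

# Constructed sample logs (hypothetical, not from the report): "time client qname".
DNS_LOG = [
    "09:00:01 10.1.1.5 www.example.com",
    "09:00:02 10.1.1.5 a3f9c1.spacenet.fun",
    "09:00:03 10.1.1.5 0b7e2d.spacenet.fun",
    "09:00:04 10.1.1.5 c81a44.spacenet.fun",
    "09:00:05 10.1.1.5 9d2e10.spacenet.fun",
    "09:00:06 10.1.1.7 mail.miicrosoft.com",
    "09:00:07 10.1.1.9 notspacenet.fun",   # must not match: not a subdomain
]
PROXY_LOG = [  # constructed: "time client method target"
    "09:01:00 10.1.1.7 CONNECT 91.132.95.117:443",
    "09:01:01 10.1.1.7 GET http://asiacall.net/update",
    "09:01:02 10.1.1.8 GET http://203.0.113.10/index.html",
]
FILE_HASHES = {  # constructed: path -> sha256
    r"C:\Users\user\Downloads\report.docx.exe":
        "e733b9444106ca37c3ef9e207ac6c813b787614496b275c1a455fccc3aca1c4a",
    r"C:\Windows\notepad.exe": "0" * 64,
}


def matched_domain(name):
    """Return the listed domain that `name` equals or is a subdomain of, else None.
    Suffix matching matters for DNS tunneling, where each query carries data in
    a unique subdomain label under the C2 domain."""
    name = name.lower().rstrip(".")
    for d in DOMAINS:
        if name == d or name.endswith("." + d):
            return d
    return None


def scan_dns(lines):
    """(client, qname, matched_domain) for every query to a listed domain."""
    hits = []
    for line in lines:
        _, client, qname = line.split()
        d = matched_domain(qname)
        if d:
            hits.append((client, qname, d))
    return hits


IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
HOST_RE = re.compile(r"https?://([^/:\s]+)")


def scan_proxy(lines):
    """(client, indicator) for connections to a listed IP or domain."""
    hits = []
    for line in lines:
        client = line.split()[1]
        for ip in IP_RE.findall(line):
            if ip in IPS and ip != client:
                hits.append((client, ip))
        for host in HOST_RE.findall(line):
            d = matched_domain(host)
            if d:
                hits.append((client, d))
    return hits


def scan_hashes(files):
    """Paths whose SHA-256 is on the indicator list."""
    return [p for p, h in files.items() if h.lower() in SHA256]


def tunneling_suspects(dns_hits, min_distinct=3):
    """Clients that queried >= min_distinct distinct names under one listed
    domain: the footprint DNS tunneling leaves, as opposed to a single
    resolution. The threshold is an assumed value for this sample."""
    names = defaultdict(set)
    for client, qname, d in dns_hits:
        names[(client, d)].add(qname)
    return sorted((c, d, len(s)) for (c, d), s in names.items()
                  if len(s) >= min_distinct)


if __name__ == "__main__":
    for hit in scan_dns(DNS_LOG):
        print("DNS   ", hit)
    for hit in scan_proxy(PROXY_LOG):
        print("PROXY ", hit)
    for path in scan_hashes(FILE_HASHES):
        print("HASH  ", path)
    for suspect in tunneling_suspects(scan_dns(DNS_LOG)):
        print("TUNNEL", suspect)
```

Run as-is to see the constructed hits; in practice replace the three sample inputs with parsed resolver, proxy and EDR exports. Note that `mail.miicrosoft.com` is a lookalike of a Microsoft hostname, so a single exact-match query to it is already worth triage even though it never reaches the tunneling threshold.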