Whispering in the dark
June 10, 2025, 7:58 p.m.
Description
ESET researchers uncovered a cyberespionage campaign by BladedFeline, an Iran-aligned APT group likely tied to OilRig. The group has targeted Kurdish and Iraqi government officials since at least 2017, using various malicious tools including the Whisper backdoor, PrimeCache IIS module, and reverse tunnels. BladedFeline maintains persistent access to high-ranking officials in both the Kurdistan Regional Government and Iraqi government, likely for espionage purposes. The group's toolset includes sophisticated backdoors, webshells, and custom tunneling applications. ESET assesses with medium confidence that BladedFeline is a subgroup of OilRig, based on shared code, targets, and tactics. The campaign also extended to a telecommunications provider in Uzbekistan.
Tags
Date
- Created: June 10, 2025, 6:09 p.m.
- Published: June 10, 2025, 6:09 p.m.
- Modified: June 10, 2025, 7:58 p.m.
Indicators
Additional Information
- Telecommunications
- Government
- Iraq
- Uzbekistan