8 attack reports | 0 vulnerabilities
Iranian cyber group Emennet Pasargad, operating as Aria Sepehr Ayandehsazan (ASA), has been linked to targeting the 2024 Summer Olympics and compromising a French display provider. The group, part of Iran's Islamic Revolutionary Guard Corps, used AI software, fictitious hosting resellers, and psych…
The advisory warns of Iranian cyber actors employing brute force techniques like password spraying and MFA 'push bombing' to compromise user accounts across critical sectors. After gaining access, they gather additional credentials, move laterally, and collect data potentially to sell on cybercrimi…
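The two initial-access techniques named in this advisory, password spraying and MFA push bombing, leave a distinctive shape in sign-in telemetry: spraying is one source failing against many accounts, push bombing is one account receiving many MFA prompts in a short span. The following is an added detection example written for this page, not code from the advisory or from any vendor; the event tuples are constructed sample data and the thresholds (5 distinct users per 10 minutes, 4 prompts per 5 minutes) are illustrative assumptions to be tuned against real baselines.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events, not taken from the advisory.
# Each tuple is (timestamp, source_ip, user, result), where result is one of:
#   "FAIL"        wrong password
#   "MFA_PROMPT"  correct password, push notification sent to the user
#   "MFA_DENIED"  user rejected the push
#   "SUCCESS"     sign-in completed
SAMPLE_EVENTS = [
    ("2024-10-16T08:00:01Z", "203.0.113.7", "alice", "FAIL"),
    ("2024-10-16T08:00:04Z", "203.0.113.7", "bob", "FAIL"),
    ("2024-10-16T08:00:07Z", "203.0.113.7", "carol", "FAIL"),
    ("2024-10-16T08:00:10Z", "203.0.113.7", "dave", "FAIL"),
    ("2024-10-16T08:00:13Z", "203.0.113.7", "erin", "FAIL"),
    ("2024-10-16T08:00:16Z", "203.0.113.7", "frank", "MFA_PROMPT"),  # password guessed
    ("2024-10-16T08:00:45Z", "203.0.113.7", "frank", "MFA_DENIED"),
    ("2024-10-16T08:01:02Z", "203.0.113.7", "frank", "MFA_PROMPT"),
    ("2024-10-16T08:01:30Z", "203.0.113.7", "frank", "MFA_PROMPT"),
    ("2024-10-16T08:02:05Z", "203.0.113.7", "frank", "MFA_PROMPT"),
    ("2024-10-16T08:02:40Z", "203.0.113.7", "frank", "MFA_PROMPT"),
    ("2024-10-16T08:03:01Z", "203.0.113.7", "frank", "SUCCESS"),     # user gave in
    # Benign noise: one user mistypes twice, then signs in normally.
    ("2024-10-16T08:05:00Z", "198.51.100.20", "grace", "FAIL"),
    ("2024-10-16T08:05:20Z", "198.51.100.20", "grace", "FAIL"),
    ("2024-10-16T08:05:40Z", "198.51.100.20", "grace", "MFA_PROMPT"),
    ("2024-10-16T08:05:50Z", "198.51.100.20", "grace", "SUCCESS"),
]


def _parse(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def detect_password_spray(events, window=timedelta(minutes=10), min_users=5):
    """Return {source_ip: set_of_users} for sources whose failed logins hit at
    least `min_users` distinct accounts inside one sliding window.

    Spraying stays under per-account lockout thresholds, so counting failures
    per *source* across accounts is what separates it from a user's typos."""
    by_src = defaultdict(list)
    for ts, src, user, result in events:
        if result == "FAIL":
            by_src[src].append((_parse(ts), user))
    hits = {}
    for src, fails in by_src.items():
        fails.sort()
        lo = 0
        for hi in range(len(fails)):
            while fails[hi][0] - fails[lo][0] > window:
                lo += 1
            users = {u for _, u in fails[lo:hi + 1]}
            if len(users) >= min_users:
                hits[src] = users
                break
    return hits


def detect_push_bombing(events, window=timedelta(minutes=5), min_prompts=4):
    """Return {user: max_prompts_in_window} for accounts that received at least
    `min_prompts` MFA push prompts within one window.

    A denial followed by further prompts, or an eventual SUCCESS, is what the
    analyst checks next: the latter means the user approved under fatigue."""
    by_user = defaultdict(list)
    for ts, _src, user, result in events:
        if result == "MFA_PROMPT":
            by_user[user].append(_parse(ts))
    hits = {}
    for user, times in by_user.items():
        times.sort()
        lo = 0
        for hi in range(len(times)):
            while times[hi] - times[lo] > window:
                lo += 1
            count = hi - lo + 1
            if count >= min_prompts:
                hits[user] = max(hits.get(user, 0), count)
    return hits


if __name__ == "__main__":
    print("spray sources:", detect_password_spray(SAMPLE_EVENTS))
    print("push-bombed users:", detect_push_bombing(SAMPLE_EVENTS))
```

Against the sample data the spray detector flags 203.0.113.7 (five distinct users in fifteen seconds) while grace's two failures from 198.51.100.20 stay below threshold, and the push-bombing detector flags frank with five prompts in under three minutes. In production the same logic runs over identity-provider sign-in logs, with the source key widened to ASN or user-agent when the actor rotates IPs, as the advisory's follow-on activity (credential harvesting and lateral movement) presumes they already hold at least one valid account.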
SideWinder APT group has expanded its activities, targeting high-profile entities in the Middle East and Africa. The group employs a multi-stage infection chain using spear-phishing emails with malicious attachments. A new post-exploitation toolkit called 'StealerBot' has been discovered, designed …
The IMEEX framework is a newly discovered, custom-built malware targeting Windows systems. Delivered as a 64-bit DLL, it offers extensive control over compromised machines, featuring execution of additional modules, file manipulation, process management, registry modification, and remote command ex…
Insikt Group unveiled Rhysida's complex infrastructure, comprising typo-squatted domains for SEO poisoning, payload servers, CleanUpLoader C2 infrastructure, and higher-tier components including an admin panel and Zabbix monitoring server. This multi-tiered setup enables early victim identification…
Since June 2024, the Iran-nexus actor CHARMING KITTEN has been creating new network infrastructure for credential phishing, targeting individuals perceived as threats to the Iranian regime. The actor's infrastructure, known as Cluster B, uses domains with specific characteristics like similar TLDs,…
Check Point Research uncovered a new malware campaign targeting Iraqi government entities, employing custom tools named Veaty and Spearal. The attack utilizes various techniques including passive IIS backdoors, DNS tunneling, and C2 communication via compromised email accounts. The malware shows co…
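DNS tunneling of the kind this summary attributes to the Veaty and Spearal toolset carries data in the query name itself, so resolver logs show many never-repeated, long, high-entropy leftmost labels under one zone. The following heuristic is an added example for this page, not code from Check Point Research or any product; the query names are constructed, the zone grouping by the last two labels is a stated simplification in place of a public-suffix-list lookup, and the thresholds are illustrative assumptions.

```python
import math
from collections import defaultdict

# Constructed sample resolver log (one queried name per entry), not from the report.
SAMPLE_QUERIES = [
    "www.example.com",
    "mail.example.com",
    "www.example.com",
    "cdn.static.example.com",
    "ocsp.example.org",
    # Tunnel-like: long, high-entropy, never-repeated leftmost labels under one zone.
    "gq8zr2mk7x4lp0vn3bs9dc1y.t.example.net",
    "a9f3k2lq8xz0b7mn4p1ts6vw.t.example.net",
    "zv7x0lq2p9c4bm8rn1tk6dsa.t.example.net",
    "hm3t8wq1zx5lv0pk7bn4rc9d.t.example.net",
    "nc4d9kq2mx7vp1lz0bt3sr8w.t.example.net",
    "p0b6xw3rl9dq2vm8zk1tn7cs.t.example.net",
]


def shannon_entropy(s):
    """Bits of entropy per character; encoded payload labels score near log2(alphabet)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def zone_of(qname, levels=2):
    """Group queries by their last `levels` labels. Assumption: a simplification
    standing in for a public-suffix-list lookup (co.uk etc. would need one)."""
    return ".".join(qname.lower().rstrip(".").split(".")[-levels:])


def score_zones(qnames, min_queries=5, min_label_len=20,
                min_entropy=3.5, min_unique_ratio=0.9):
    """Return {zone: stats} for zones whose leftmost labels look like encoded
    payload: long, high-entropy, and almost never repeated. Names with only
    two labels have no subdomain to carry data and are skipped."""
    by_zone = defaultdict(list)
    for q in qnames:
        labels = q.lower().rstrip(".").split(".")
        if len(labels) <= 2:
            continue
        by_zone[zone_of(q)].append(labels[0])
    flagged = {}
    for zone, firsts in by_zone.items():
        if len(firsts) < min_queries:
            continue
        avg_len = sum(len(l) for l in firsts) / len(firsts)
        avg_ent = sum(shannon_entropy(l) for l in firsts) / len(firsts)
        unique_ratio = len(set(firsts)) / len(firsts)
        if (avg_len >= min_label_len and avg_ent >= min_entropy
                and unique_ratio >= min_unique_ratio):
            flagged[zone] = {
                "queries": len(firsts),
                "avg_label_len": round(avg_len, 1),
                "avg_entropy": round(avg_ent, 2),
                "unique_ratio": round(unique_ratio, 2),
            }
    return flagged


if __name__ == "__main__":
    for zone, stats in score_zones(SAMPLE_QUERIES).items():
        print(zone, stats)
```

On the sample data only example.net is flagged: six queries, 24-character leftmost labels of roughly 4.6 bits per character, none repeated. The ordinary example.com traffic fails on volume and label length. The unique-ratio check is what keeps CDN and OCSP hostnames, which are also long but heavily repeated, out of the result, and it is the first knob to revisit when a legitimate service (for instance, antivirus reputation lookups encoded as DNS labels) shows up as a false positive.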
BlackBerry's researchers have uncovered a new campaign by the nation-state threat actor SideWinder. The group employs sophisticated techniques, such as utilizing carefully crafted phishing emails with visual lures designed to target specific organizations. The campaign aims to compromise ports and …