Suspected Iranian Threat Actor UNC1549 Targets Israeli and Middle East Aerospace and Defense Sectors
This blog details suspected Iranian espionage activity since June 2022 targeting aerospace aviation and defense entities in Israel UAE and potentially Turkey India and Albania. The campaign involves social engineering to deploy two backdoors MINIBIKE and MINIBUS and extensive use of Azure infrastructure for command and control. The activity shows potential links to Iranian actor UNC1549 which overlaps with IRGC-affiliated Tortoiseshell. The targeting focuses on sectors of strategic interest to Iran and the evasion tactics aim to mask the malicious operations.