Targeted Iranian Attacks Against Iraqi Government Infrastructure

Check Point Research uncovered a new malware campaign targeting Iraqi government entities that employs custom tools named Veaty and Spearal. The attack uses several techniques, including passive IIS backdoors, DNS tunneling, and C2 communication via compromised email accounts. The malware shows connections to previously known APT34 malware families such as Karkoff, Saitama, and IIS Group 2, which are associated with Iranian intelligence services. The campaign features unique command-and-control mechanisms and infrastructure tailored to specific targets. The initial infection vector likely involved social engineering, with malware disguised as document attachments. The actors demonstrated sophisticated techniques to evade detection and maintain persistence within compromised networks.