Related Families: MuddyRot aka BugSleep
Verticals Targeted: Transportation, Government, Media, Travel
Executive Summary
A wiper known as BiBi-Linux was recently observed targeting entities in Israel. A pro-Hamas hacktivist group was behind the attacks.
Verticals Targeted: Government
Executive Summary
Deadglyph is a backdoor used by the Stealth Falcon threat actor group for espionage operations targeting entities in the Middle East.
Related Families: HTTPSnoop, PipeSnoop
Verticals Targeted: Telecommunications
Executive Summary
ShroudedSnooper used the novel implants HTTPSnoop and PipeSnoop to target telecommunications entities in the Middle East.
Verticals Targeted: Automotive, Communications, Engineering, Financial Services, Healthcare, Insurance, Legal, Manufacturing, Retail, Technology, Telecommunications
Executive Summary
Charming Kitten, an Iran nexus threat actor group, was recently observed using Sponsor backdoor to target at least 34 entities in Brazil, Israel, and UAE.
Related Families: Drokbk, Soldier
Verticals Targeted: Critical Infrastructure, Telecommunications, Government, Energy, Transportation. Utilities, Oil & Gas
Executive Summary
Mint Sandstorm was recently observed targeting US critical infrastructure entities. These include seaports, energy companies, transportation systems, and a US utility and gas entity.
Executive Summary
This Threat Bulletin is part of PolySwarm’s 2022 Recap series. This report highlights activity perpetrated by Iran-based threat actors in 2022.
Key Takeaways
- This report provides highlights of activity perpetrated by Iran-based threat actors in 2022.
- Threat actors featured in this report include Static Kitten, Charming Kitten, Siamese Kitten, Fox Kitten, Helix Kitten, Nemesis Kitten, Refined Kitten, Moses Staff, Cobalt Mirage, and APT42.
- PolySwarm tracked malware associated with multiple Iran nexus threat actors in 2022.
Background
Proofpoint recently posted their findings on a Molerats espionage campaign leveraging a new implant dubbed NimbleMamba. In this campaign, Molerats employed a complex attack chain that uses a combination of geofencing and URL redirects to legitimate sites to evade detection. Targets of this campaign included Middle Eastern governments, foreign policy think tanks, and an airline.