Latest Update: 20/12/2024

Threats Feed

  1. Tortoiseshell's Cross-Platform Espionage Targets Military and Defense Industries in US, UK, and Europe

    Tortoiseshell targeted military personnel and companies in the defense and aerospace industries, primarily in the United States and, to a lesser extent, the UK and Europe. The group used social engineering, phishing, and custom malware, including the Syskit backdoor and a reconnaissance tool resembling Liderc, to compromise victims' systems and profile them. The campaign relied on fake online personas and spoofed domains, and malware development was outsourced to the Tehran-based IT company Mahak Rayan Afraz (MRA), which has ties to the Islamic Revolutionary Guard Corps (IRGC).

  2. Tortoiseshell Targets U.S. Military Veterans with Malicious Job Seeking Website

    Tortoiseshell set up a fake job-search website aimed at U.S. military veterans. The site pushed visitors to download a fake installer that acted as a malware downloader: it retrieved two binaries, a reconnaissance tool and a remote access tool (RAT). The reconnaissance tool collected extensive information about the victim's machine, and the RAT gave the attackers continued remote control over it.

  3. Tortoiseshell Group Targets IT Providers in Saudi Arabia: Supply Chain Attacks Uncovered

    The Tortoiseshell group has targeted IT providers in Saudi Arabia since at least July 2018, apparently to reach the providers' customers through supply chain attacks. The group deployed both custom and off-the-shelf malware and, unusually for targeted attacks, infected a large number of computers on the victim networks. Its custom backdoor, Backdoor.Syskit, can download and execute additional tools and commands. Using a range of information-gathering tools, the attackers obtained domain admin-level access in at least two organizations, and it is suspected that a compromised web server was used to deploy the malware onto the network.
