Latest Update21/02/2024

Threats Feed

  1. Public

    APT34 Targets U.S. Enterprises with New SideTwist Trojan Variant

    APT34 has launched a new phishing campaign, using a decoy file named “GGMS Overview.doc” to target U.S.-based enterprises. The campaign employs a variant of the SideTwist Trojan for long-term control over victim hosts. Malicious macros in the document deploy the Trojan, which communicates with a C&C server. Interestingly, the C&C IP address is associated with the United States Department of Defense Network Information Center. The Trojan is capable of executing commands from the C&C and exfiltrating local files. It suggests the APT34 group might be conducting a test operation to preserve attack resources.

    read more about APT34 Targets U.S. Enterprises with New SideTwist Trojan Variant
  2. Public

    Iranian APT34's Evolving Arsenal: A Deep Dive into the SideTwist Campaign

    The article from Check Point Research focuses on the resurgence of Iran's APT34 cyber espionage group, which has updated its tactics and tools. This group, also known as OilRig, has targeted a Lebanese entity using a new backdoor variant named "SideTwist". They have refined their strategies to evade detection, continuing their pattern of using job opportunity documents to deliver malware through LinkedIn. The article provides an in-depth analysis of the infection chain, the malware's capabilities, and its persistence techniques. It aligns with APT34's history of targeting Middle Eastern entities, underscoring the ongoing cyber threats in the region.

    read more about Iranian APT34's Evolving Arsenal: A Deep Dive into the SideTwist Campaign