Threats Feed
- Public
MalKamak Targets Middle Eastern Aerospace and Telecom Firms with ShellClient RAT
The Iranian APT group MalKamak has been targeting aerospace and telecommunications companies in the Middle East since at least 2018, with additional victims in the US, Russia and Europe. The group uses ShellClient, a newly discovered remote access trojan (RAT), to conduct highly targeted cyberattacks. ShellClient uses Dropbox, a popular cloud-based service, for command and control (C2) operations, replacing the group's previous C2 infrastructure.
read more about MalKamak Targets Middle Eastern Aerospace and Telecom Firms with ShellClient RAT - Public
MalKamak's GhostShell Campaign Hits Middle East, U.S., and Europe
Operation GhostShell is a cyber espionage campaign targeting aerospace and telecommunications companies, primarily in the Middle East, with victims in the U.S., Russia and Europe. The operation, carried out by the Iranian group MalKamak, uses a stealthy, evolving remote access trojan (RAT) called ShellClient, which has been in development since 2018. ShellClient evades detection through masquerading, AES encryption and WMI-based reconnaissance. The attackers used tools such as PAExec for lateral movement and lsa.exe for credential dumping. Data exfiltration was facilitated by using WinRar to compress stolen information before sending it via Dropbox.
read more about MalKamak's GhostShell Campaign Hits Middle East, U.S., and Europe