Latest Update: 22/11/2024

Threats Feed

  1. Public

    TA456's Advanced Espionage Tactics Against Defense Contractors Using LEMPO Malware

    The report from Proofpoint outlines a complex social engineering and malware campaign that appears to have been conducted by an actor aligned with the Iranian state, believed to be TA456. Over several years, TA456 used a fake social media persona, "Marcella Flores," to build a relationship with an employee of an aerospace defense contractor. The aim was to infect the target's computer with the LEMPO malware, designed for reconnaissance and data exfiltration. This campaign serves to illustrate TA456's persistence and advanced social engineering tactics, targeting smaller contractors with the ultimate goal of eventually compromising larger defense firms.

  2. Public

    Tortoiseshell's Cross-Platform Espionage Targets Military and Defense Industries in US, UK, and Europe

    Tortoiseshell targeted military personnel and companies in the defense and aerospace industries, primarily in the United States and, to a lesser extent, the UK and Europe. The group used social engineering, phishing, and custom malware tools, including Syskit and a Liderc-like reconnaissance tool, to compromise and profile victims' systems. The campaign involved fake online personas, spoofed domains, and outsourced malware development to Tehran-based IT company Mahak Rayan Afraz (MRA), which has ties to the Islamic Revolutionary Guard Corps (IRGC).

  3. Public

    Tortoiseshell Targets U.S. Military Veterans with Malicious Job Seeking Website

    Tortoiseshell deployed a fake website targeting U.S. military veterans seeking jobs. The site tricked users into downloading a malicious app that served as a malware downloader, deploying spying tools and other malware. The fake website had users download a fake installer, which downloaded two binaries: a reconnaissance tool and a Remote Administrative Tool (RAT). The reconnaissance tool collected extensive information about the victim's machine, while the RAT allowed further remote control.

  4. Public

    Tortoiseshell Group Targets IT Providers in Saudi Arabia: Supply Chain Attacks Uncovered

    The Tortoiseshell group has targeted IT providers in Saudi Arabia since at least July 2018, focusing on supply chain attacks to compromise the IT providers' customers. The group deployed both custom and off-the-shelf malware, infecting an unusually large number of computers in targeted attacks. The custom malware, Backdoor.Syskit, allowed for downloading and executing additional tools and commands. The attackers used various information-gathering tools, achieving domain admin-level access in at least two organizations, and it is suspected that they compromised a web server to deploy malware onto the network.
