Threats Feed | APT35 | Last Updated: 24/01/2025 | Author: Certfa Radar | Publish Date: 29/11/2024

APT35 Targets Aerospace and Semiconductor Sectors Across Multiple Countries

  • Actor Motivations: Espionage, Exfiltration
  • Attack Vectors: Malware, Spear Phishing
  • Attack Complexity: High
  • Threat Risk: High Impact/Low Probability

Threat Overview

APT35 targeted the aerospace and semiconductor industries in the US, Thailand, UAE, and Israel using fake recruitment and corporate websites. These sites delivered malware in the form of forged legitimate programs and malicious DLLs to compromise victims. The group leveraged platforms such as GitHub, OneDrive, and Google Cloud for C&C communications and payload delivery. In a related attack, a semiconductor company was targeted with a VPN program laced with malicious components. Persistence was achieved through registry modifications, and obfuscation techniques were used to evade detection. APT35’s activities are linked to the Islamic Revolutionary Guard Corps (IRGC) of Iran.

Detected Targets

| Type   | Description          | Confidence |
|--------|----------------------|------------|
| Sector | High-Tech            | Verified   |
| Sector | Aerospace            | Verified   |
| Region | Israel               | Verified   |
| Region | Thailand             | Verified   |
| Region | United Arab Emirates | Verified   |
| Region | United States        | Verified   |

Extracted IOCs


Tip: 12 IOCs related to this threat have been found (0 IP, 5 domain, 0 URL, 0 email, 7 file hash).

Overlaps

TA455: Charming Kitten’s TA455 Uses Social Engineering to Spread Malware in Aerospace Sector

Source: ClearSky - November 2024

Detection (one case): xboxapicenter[.]com

Hint: Overlaps are extracted automatically by examining the IOCs associated with all indexed threats and actors.