Threats Feed|APT34|Last Updated 25/07/2024|AuthorCertfa Radar|Publish Date30/08/2023

APT34 Targets U.S. Enterprises with New SideTwist Trojan Variant

Actor Motivations: Espionage,Exfiltration
Attack Vectors: Malicious Macro,Malware,Trojan,Phishing
Attack Complexity: Medium
Threat Risk: Low Impact/High Probability

Threat Overview

APT34 has launched a new phishing campaign, using a decoy file named “GGMS Overview.doc” to target U.S.-based enterprises. The campaign employs a variant of the SideTwist Trojan for long-term control over victim hosts. Malicious macros in the document deploy the Trojan, which communicates with a C&C server. Interestingly, the C&C IP address is associated with the United States Department of Defense Network Information Center. The Trojan is capable of executing commands from the C&C and exfiltrating local files. It suggests the APT34 group might be conducting a test operation to preserve attack resources.

Reference and Credit: NSFOCUS - August 2023

APT34 Unleashes New Wave of Phishing Attack with Variant of SideTwist Trojan

Detected Targets

Type	Description	Confidence
Region	United States	Medium

Extracted IOCs

056378877c488af7894c8f6559550708
5e0b8bf38ad0d8c91310c7d6d8d7ad64
11[.]0.188.38
hxxp://11[.]0.188.38:443/

download

Tip: 4 related IOCs (1 IP, 0 domain, 1 URL, 0 email, 2 file hash) to this threat have been found.

About Affiliation

APT34

Associate threats

Iranian APT34's Evolving Arsenal: A Deep Dive into the SideTwist Campaign