Threats Feed | APT34 | Last Updated: 18/09/2023 | Author: Certfa Radar | Publish Date: 30/08/2023

APT34 Targets U.S. Enterprises with New SideTwist Trojan Variant

  • Actor Motivations: Espionage, Exfiltration
  • Attack Vectors: Malicious Macro, Malware, Trojan, Phishing
  • Attack Complexity: Medium
  • Threat Risk: Low Impact/High Probability

Threat Overview

APT34 has launched a new phishing campaign that uses a decoy document named “GGMS Overview.doc” to target U.S.-based enterprises. The campaign deploys a variant of the SideTwist Trojan to maintain long-term control of victim hosts: malicious macros in the document install the Trojan, which then communicates with a command-and-control (C&C) server. Notably, the C&C IP address is associated with the United States Department of Defense Network Information Center. The Trojan can execute commands received from the C&C and exfiltrate local files. This suggests that APT34 may be conducting a test operation to preserve its attack resources.

Detected Targets

Type | Description | Confidence
Region | United States | Medium

Extracted IOCs

  • 056378877c488af7894c8f6559550708
  • 5e0b8bf38ad0d8c91310c7d6d8d7ad64
  • 11[.]0.188.38
  • hxxp://11[.]0.188.38:443/download

Tip: 4 related IOCs (1 IP, 0 domains, 1 URL, 0 emails, 2 file hashes) have been found for this threat.
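The indicators above are published in defanged form (hxxp, [.]), so they have to be refanged before they can be swept against telemetry. The following Python script is an added example, not code from Certfa Radar or from this report: it refangs and classifies the four IOCs listed here, then searches a set of constructed proxy and EDR log lines for them. The log lines, field names and file paths are invented for the example; the IP match uses boundary guards so that a neighbouring address such as 111.0.188.38 does not produce a false hit.

```python
import re

# Indicators exactly as listed in this threat record (defanged as the feed publishes them).
DEFANGED_IOCS = [
    "056378877c488af7894c8f6559550708",
    "5e0b8bf38ad0d8c91310c7d6d8d7ad64",
    "11[.]0.188.38",
    "hxxp://11[.]0.188.38:443/download",
]

MD5_RE = re.compile(r"^[0-9a-fA-F]{32}$")
IPV4_RE = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")


def refang(ioc: str) -> str:
    """Convert a defanged indicator (hxxp, [.]) back to its live form for matching."""
    s = ioc.strip()
    s = re.sub(r"^hxxp", "http", s, flags=re.IGNORECASE)
    return s.replace("[.]", ".").replace("(.)", ".")


def classify(ioc: str) -> str:
    """Return the indicator type: md5, ipv4, url or unknown."""
    if MD5_RE.match(ioc):
        return "md5"
    if IPV4_RE.match(ioc):
        return "ipv4"
    if ioc.lower().startswith(("http://", "https://")):
        return "url"
    return "unknown"


def compile_matchers(defanged):
    """Build (type, value, regex) triples; IPs get boundary guards so 111.0.188.38 is not a hit."""
    matchers = []
    for raw in defanged:
        value = refang(raw)
        kind = classify(value)
        if kind == "ipv4":
            pattern = r"(?<![\d.])" + re.escape(value) + r"(?![\d.])"
        else:
            pattern = re.escape(value)
        matchers.append((kind, value, re.compile(pattern, re.IGNORECASE)))
    return matchers


def sweep(lines, defanged=DEFANGED_IOCS):
    """Return (line_number, ioc_type, ioc_value) for every indicator seen in the given log lines."""
    hits = []
    matchers = compile_matchers(defanged)
    for lineno, line in enumerate(lines, start=1):
        for kind, value, rx in matchers:
            if rx.search(line):
                hits.append((lineno, kind, value))
    return hits


# Constructed sample telemetry (not from the report): one proxy hit, one EDR hash hit, two near-misses.
SAMPLE_LOGS = [
    '2023-08-30T10:15:02Z proxy action=allow dst=11.0.188.38:443 url="http://11.0.188.38:443/download"',
    '2023-08-30T10:15:03Z edr event=file_create path=C:\\Users\\jdoe\\AppData\\Local\\Temp\\upd.exe md5=5E0B8BF38AD0D8C91310C7D6D8D7AD64',
    '2023-08-30T10:16:10Z proxy action=allow dst=111.0.188.38:443 url="http://111.0.188.38:443/index.html"',
    '2023-08-30T10:17:44Z edr event=file_create path=C:\\Windows\\System32\\notepad.exe md5=d41d8cd98f00b204e9800998ecf8427e',
]

if __name__ == "__main__":
    for lineno, kind, value in sweep(SAMPLE_LOGS):
        print(f"line {lineno}: {kind} match on {value}")
```

Run against the constructed lines, the sweep reports the IP and URL on line 1 and the second file hash on line 2 (hash comparison is case-insensitive), while the 111.0.188.38 connection on line 3 and the unrelated hash on line 4 are correctly ignored. In a real deployment the hash matchers would be applied to an EDR or file-inventory export and the IP/URL matchers to proxy or firewall logs, with any hit on the listed C&C address treated as a high-priority alert regardless of its DoD NIC allocation.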