Cyber attackers have been targeting Iraqi government entities with malicious software since 2024, using deceptive documents disguised as legitimate files.

Who was behind the attack?

The attacks were carried out by APT34, a cyber-espionage group active since 2012, known for spying and stealing sensitive information primarily across the Middle East.

What were the attackers trying to achieve?

Their main goal appears to be espionage—gathering sensitive governmental information and maintaining long-term hidden access to targeted networks.

Who was targeted by this attack?

Primarily, Iraqi government organizations were targeted, though historically APT34 has attacked entities across energy, finance, aviation, and defense sectors.

How did the attackers gain access?

The attackers used carefully crafted phishing emails with fake documents and invitations, tricking employees into opening malicious files disguised as PDFs.

Why would attackers target these specific entities?

Government agencies hold sensitive, strategic information valuable for intelligence gathering, influencing policy, or gaining political leverage.

How can organizations protect themselves from these types of attacks?

Organizations should enhance their email and network security, conduct regular employee training on phishing attacks, and continuously monitor systems for unusual activity.

Is this issue widespread or specific?

This attack campaign specifically targeted Iraqi state entities, but the group behind it (APT34) is known to regularly attack various organizations across the Middle East.

Threats Feed|APT34|Last Updated 04/04/2025|AuthorCertfa Radar|Publish Date26/03/2025

APT34 Targets Iraqi Government with Dual-Channel C2 and Obfuscated Backdoors

Threat Overview

APT34 (OilRig) has launched a targeted cyber espionage campaign against Iraqi government entities since 2024, using spearphishing emails with forged documents to deploy custom C# malware disguised as PDF files. The malware performs system reconnaissance, anti-VM checks, and sets up persistence via scheduled tasks. It communicates with command-and-control infrastructure through both HTTP and compromised Iraqi government email accounts (SMTP/IMAP). The group also utilizes European-hosted infrastructure with deceptive 404 pages and obfuscated communication protocols. Targeted sectors include government, energy, finance, defense, and telecommunications, indicating a continued focus on intelligence gathering in the Middle East.

Reference and Credit: ThreatBook - March 2025

New Malware from APT34 Targets Iraqi Entities

Detected Targets

Type	Description	Confidence
Sector	Government Agencies and Services	Verified
Region	Iraq	Verified

Extracted IOCs

asiacall[.]net
fastasia[.]shop
iqwebservice[.]com
livekv[.]com
mytrustiq[.]com
sidaop[.]com
e7d52ef521b8cd0b405575c185d64033
6bb4414d717a290b80cca32655b7198f0c832add
b607d60d680f1f1335902a666df843ac9cc58299af6731d2ad1a5ea617cf4a99
130[.]0.233.63
151[.]236.17.231
185[.]76.78.177
192[.]71.166.24
193[.]36.132.224
198[.]44.140.29
38[.]180.31.225
89[.]46.233.239
91[.]132.95.117
95[.]156.204.168

download

Tip: 19 related IOCs (10 IP, 6 domain, 0 URL, 0 email, 3 file hash) to this threat have been found.

FAQs

New Cyberattacks Targeting Iraqi Government Agencies

: Cyber attackers have been targeting Iraqi government entities with malicious software since 2024, using deceptive documents disguised as legitimate files.
: The attacks were carried out by APT34, a cyber-espionage group active since 2012, known for spying and stealing sensitive information primarily across the Middle East.
: Their main goal appears to be espionage—gathering sensitive governmental information and maintaining long-term hidden access to targeted networks.
: Primarily, Iraqi government organizations were targeted, though historically APT34 has attacked entities across energy, finance, aviation, and defense sectors.
: The attackers used carefully crafted phishing emails with fake documents and invitations, tricking employees into opening malicious files disguised as PDFs.
: Government agencies hold sensitive, strategic information valuable for intelligence gathering, influencing policy, or gaining political leverage.
: Organizations should enhance their email and network security, conduct regular employee training on phishing attacks, and continuously monitor systems for unusual activity.
: This attack campaign specifically targeted Iraqi state entities, but the group behind it (APT34) is known to regularly attack various organizations across the Middle East.

About Affiliation

APT34

Associate threats