Threats Feed | APT34 | Last Updated: 17/01/2024 | Author: Certfa Radar | Publish Date: 08/04/2021

Iranian APT34's Evolving Arsenal: A Deep Dive into the SideTwist Campaign

  • Actor Motivations: Espionage
  • Attack Vectors: Backdoor, Malicious Macro, Malware
  • Attack Complexity: Low
  • Threat Risk: High Impact/Low Probability

Threat Overview

The article from Check Point Research focuses on the resurgence of Iran's APT34 cyber espionage group, which has updated its tactics and tools. This group, also known as OilRig, has targeted a Lebanese entity using a new backdoor variant named "SideTwist". They have refined their strategies to evade detection, continuing their pattern of using job opportunity documents to deliver malware through LinkedIn. The article provides an in-depth analysis of the infection chain, the malware's capabilities, and its persistence techniques. It aligns with APT34's history of targeting Middle Eastern entities, underscoring the ongoing cyber threats in the region.

Detected Targets

Ntiva is an information technology company providing managed IT services, IT consulting and solutions, cybersecurity, and cloud services 24/7 to organizations. Ntiva has been a target of APT34.
Sector: Information Technology

Extracted IOCs


Tip: 7 IOCs related to this threat have been found (0 IP, 1 domain, 0 URL, 0 email, 6 file hashes).