Iranian APT34's Evolving Arsenal: A Deep Dive into the SideTwist Campaign
- Actor Motivations: Espionage
- Attack Vectors: Backdoor,Malicious Macro,Malware
- Attack Complexity: Low
- Threat Risk: High Impact/Low Probability
Threat Overview
The article from Check Point Research focuses on the resurgence of Iran's APT34 cyber espionage group, which has updated its tactics and tools. This group, also known as OilRig, has targeted a Lebanese entity using a new backdoor variant named "SideTwist". They have refined their strategies to evade detection, continuing their pattern of using job opportunity documents to deliver malware through LinkedIn. The article provides an in-depth analysis of the infection chain, the malware's capabilities, and its persistence techniques. It aligns with APT34's history of targeting Middle Eastern entities, underscoring the ongoing cyber threats in the region.
Detected Targets
| Type | Description | Confidence |
|---|---|---|
| Case | Ntiva Ntiva is an information technology company providing managed IT services, IT consulting and solutions, cybersecurity, and cloud services 24/7 to organizations. Ntiva has been targeted by APT34 with abusive purposes. | Verified |
| Sector | Information Technology | Medium |
| Region | Lebanon | Verified |
Extracted IOCs
- sarmsoftware[.]com
- 6615c410b8d7411ed14946635947325e
- 94004648630739c154f78a0bae0bec0a
- 273488416b5d6f1297501825fa07a5a9325e9b56
- 9bba72ac66af84253b55dd7789afc90e0344bf25
- 13c27e5049a7fc5a36416f2c1ae49c12438d45ce50a82a96d3f792bfdacf3dcd
- 47d3e6c389cfdbc9cf7eb61f3051c9f4e50e30cf2d97499144e023ae87d68d5a
Tip: 7 related IOCs (0 IP, 1 domain, 0 URL, 0 email, 6 file hash) to this threat have been found.