Iranian SpearSpecter Targeting High-Value Officials

Source: Cyber Security News

The SpearSpecter espionage campaign employs patience and advanced malware to extract sensitive information from senior government and defense officials worldwide. Utilizing fake conference invitations and WhatsApp communications, the Iranian attackers build trust with their victims before launching their attack. Operatives associated with Iran’s Islamic Revolutionary Guard Corps Intelligence are known to target not just the officials, but also their family members to further infiltrate secure environments.

Researchers from the Israel National Digital Agency identified the malware and the expansive scope of this operation. The attackers trick victims into clicking links disguised as important documents; these links ultimately connect to the attackers’ WebDAV server, which displays a fake PDF. In addition, the malware retrieves a PowerShell-based backdoor dubbed TAMECAT, which captures sensitive data such as browser passwords and takes screenshots. Notably, TAMECAT avoids detection by using legitimate Windows programs, demonstrating a high level of sophistication in its design and execution.
