A sophisticated cyber espionage campaign attributed to the Iranian state-sponsored group APT34 (OilRig) has targeted Iraqi governmental entities and critical infrastructure sectors since late 2024, leveraging new malware variants designed to evade conventional security measures.

Attack chains begin with executables masquerading as PDF files (Ravateb.pdf.exe) that deploy backdoors capable of command-and-control (C2) communication both over HTTP and through compromised email accounts. ThreatBook analysts identified over a dozen compromised Iraqi government email addresses being exploited for lateral movement, including [email protected] and [email protected].

ThreatBook's analysis reveals that APT34 maintains operational flexibility through a distributed C2 infrastructure hosted with European providers, with identified nodes including 89.46.233.239 (Norway) and 151.236.17.231 (Germany). ThreatBook's Threat Detection Platform (TDP) and OneDNS services currently provide coverage for the associated indicators of compromise, though the malware's adaptive communication protocols mean that behavioral analysis defenses are also necessary.
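The two behaviours the article describes, a document-extension masquerade such as Ravateb.pdf.exe and outbound contact with the published C2 nodes, are both cheap to check for in existing telemetry. The script below is an added example written for this page; it is not code from the article, ThreatBook or the reporting outlet. The two IP addresses are the ones quoted in the article; the proxy-log format, the extension lists and the sample log lines are constructed for the example and are assumptions, not real data.

```python
"""Added example (not from the article or ThreatBook): two lightweight checks a
defender can run over proxy/EDR telemetry to surface the behaviours described
above: document-extension masquerading and outbound contact with known C2 nodes."""
import re
from typing import Optional

# C2 node addresses as reported in the article (page-specific IoCs).
C2_IPS = {"89.46.233.239", "151.236.17.231"}

# Extension lists are an assumption for this example, not from the article.
DOC_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "txt", "jpg", "png"}
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "hta", "msi"}


def is_double_extension_masquerade(filename: str) -> bool:
    """Return True when the basename ends in an executable extension that is
    immediately preceded by a document/image extension, e.g. 'report.pdf.exe'."""
    base = filename.replace("\\", "/").rsplit("/", 1)[-1].lower()
    parts = base.split(".")
    if len(parts) < 3:          # need name + doc ext + exec ext
        return False
    return parts[-1] in EXEC_EXTS and parts[-2] in DOC_EXTS


# Constructed log format for this example: "<ts> <src> -> <dst>:<port> <proto> <detail>".
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[\d.]+) -> (?P<dst>[\d.]+):(?P<port>\d+) (?P<proto>\S+)(?: (?P<detail>.*))?$"
)


def parse_log_line(line: str) -> Optional[dict]:
    """Parse one constructed-format line; return None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def find_c2_contacts(lines):
    """Return (timestamp, source, destination) for every line whose destination is a known C2 node."""
    hits = []
    for line in lines:
        rec = parse_log_line(line)
        if rec and rec["dst"] in C2_IPS:
            hits.append((rec["ts"], rec["src"], rec["dst"]))
    return hits


def flag_masquerade_downloads(lines):
    """Return (timestamp, source, filename) for requests whose last path component
    is a double-extension masquerade."""
    hits = []
    for line in lines:
        rec = parse_log_line(line)
        if not rec or not rec["detail"]:
            continue
        # The detail field is assumed to end with the requested path.
        filename = rec["detail"].split()[-1].rsplit("/", 1)[-1]
        if is_double_extension_masquerade(filename):
            hits.append((rec["ts"], rec["src"], filename))
    return hits


# Constructed sample lines (10.0.0.0/8 is private, 203.0.113.0/24 is a documentation range).
SAMPLE_LOG = [
    "2025-03-14T09:12:01Z 10.1.4.23 -> 203.0.113.10:443 HTTPS GET /mail/inbox",
    "2025-03-14T09:13:44Z 10.1.4.23 -> 203.0.113.10:443 HTTPS GET /mail/attachments/Ravateb.pdf.exe",
    "2025-03-14T09:15:02Z 10.1.4.23 -> 89.46.233.239:80 HTTP POST /update",
    "2025-03-14T09:15:30Z 10.1.4.40 -> 203.0.113.22:443 HTTPS GET /reports/q1.pdf",
    "2025-03-14T09:16:11Z 10.1.4.23 -> 151.236.17.231:443 HTTPS POST /api/beacon",
    "garbage line that does not match the format",
]


def triage(lines):
    """Run both checks and return their findings in one report."""
    return {
        "c2_contacts": find_c2_contacts(lines),
        "masquerade_downloads": flag_masquerade_downloads(lines),
    }


if __name__ == "__main__":
    for key, hits in triage(SAMPLE_LOG).items():
        print(key)
        for hit in hits:
            print("  ", hit)
```

Both checks are deliberately independent: the IoC match will go stale as soon as the infrastructure rotates, which is why the article stresses behavioral coverage, whereas the double-extension check keys on the delivery technique itself and keeps working when the filenames and hosts change.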
This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 01 Apr 2025 18:35:06 +0000