
Suspected Iranian Threat Actor UNC1549 Targets Israeli and Middle East Aerospace and Defense Sectors

Suspected Iran-nexus espionage activity is targeting the aerospace, aviation and defense industries in Middle East countries, including Israel and the United Arab Emirates (UAE), and potentially Turkey, India, and Albania. Mandiant attributes this activity with moderate confidence to the Iranian actor UNC1549, which overlaps with Tortoiseshell, a threat actor that has been publicly linked to Iran’s Islamic Revolutionary Guard Corps (IRGC). Tortoiseshell has previously attempted to compromise supply chains by targeting defense contractors and IT providers.

This suspected UNC1549 campaign uses multiple methods to achieve initial access to its targets: spear-phishing and credential harvesting, followed by payload delivery, payload installation, and device compromise.

Japanese organizations must track Iranian malicious groups comprehensively, since their TTPs are continually advancing and they are becoming increasingly proactive.
