{"id":8579,"date":"2024-02-29T15:59:09","date_gmt":"2024-02-29T06:59:09","guid":{"rendered":"https:\/\/cyberenso.jp\/?p=8579"},"modified":"2024-11-19T16:02:22","modified_gmt":"2024-11-19T07:02:22","slug":"suspected-iranian-threat-actor-unc1549-targets-israeli-and-middle-east-aerospace-and-defense-sectors","status":"publish","type":"post","link":"https:\/\/cyberenso.jp\/en\/suspected-iranian-threat-actor-unc1549-targets-israeli-and-middle-east-aerospace-and-defense-sectors\/","title":{"rendered":"Suspected Iranian Threat Actor UNC1549 Targets Israeli and Middle East Aerospace and Defense Sectors"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"8579\" class=\"elementor elementor-8579\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-b1c4b35 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"b1c4b35\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-d68cb7a\" data-id=\"d68cb7a\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-35a6716 elementor-widget elementor-widget-text-editor\" data-id=\"35a6716\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>Suspected Iran-nexus espionage activity targeting the aerospace, aviation and defense industries in Middle East countries, including Israel and the United Arab Emirates (UAE) and potentially Turkey, India, and Albania. Mandiant attributes this activity with moderate confidence to the Iranian actor UNC1549, which overlaps with Tortoiseshell\u2014a threat actor that has been publicly linked to Iran\u2019s Islamic Revolutionary Guard Corps (IRGC). Tortoiseshell has previously attempted to compromise supply chains by targeting defense contractors and IT providers.<br \/><br \/>This suspected UNC1549 campaign uses multiple \u00a0methods to achieve initial access to the targets: spear-phishing and credential harvesting and then payload delivery then payload installation and device compromise.<br \/><br \/>Iranian malicious groups must be tracked comprehensively by Japanese organizations, since their TTPs are continually advancing, and their proactivity is increasing<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Suspected Iran-nexus espionage activity targeting the aerospace, aviation and defense industries in Middle East countries, including Israel and the United Arab Emirates (UAE) and potentially Turkey, India, and Albania. Mandiant attributes this activity with moderate confidence to the Iranian actor UNC1549, which overlaps with Tortoiseshell\u2014a threat actor that has been publicly linked to Iran\u2019s Islamic Revolutionary Guard Corps (IRGC). Tortoiseshell<span class=\"excerpt-hellip\"> [\u2026]<\/span><\/p>\n","protected":false},"author":1,"featured_media":8584,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[225,6,8,1],"tags":[],"class_list":["post-8579","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-heavy-industry","category-latest_news","category-industry_sector","category-uncategorized"],"acf":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/cyberenso.jp\/wp-content\/uploads\/2024\/11\/Picture2.jpg.png?fit=602%2C338&ssl=1","_links":{"self":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/8579"}],"collection":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/comments?post=8579"}],"version-history":[{"count":5,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/8579\/revisions"}],"predecessor-version":[{"id":8586,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/8579\/revisions\/8586"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media\/8584"}],"wp:attachment":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media?parent=8579"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/categories?post=8579"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/tags?post=8579"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}