FireEye unveiled the new Iran-linked APT34 cyber espionage campaign. It is based on three pillars: masquerading as a member of Cambridge University to gain victims’ trust so they open malicious documents, the use of LinkedIn to deliver those malicious documents, and the addition of three new malware families to its arsenal.
Here is the new Iran-linked APT34 cyber espionage phishing campaign, unveiled by FireEye cyber security experts. The researchers identified three key attributes. The first is masquerading as a member of Cambridge University to gain victims’ trust so they open malicious documents, which the attackers pursue through job offer conversations. The second is the use of LinkedIn to deliver the malicious documents. The third is the addition of three new malware families to the group’s arsenal: VALUEVAULT and PICKPOCKET, both browser credential-theft tools, and LONGWATCH, whose primary function is keylogging. The targets are the Energy and Utilities, Government, and Oil and Gas sectors.
The cyber security experts fear that this won’t be the last time the malicious hackers bring new tools. Iran is expected to significantly increase the volume and scope of its cyber espionage campaigns.
The cyber security experts suspect this will not be the last time APT34 brings new tools to the table. Threat actors often reshape their TTPs to evade detection mechanisms, especially when the target is highly desired. For these reasons, they recommend that organizations remain vigilant in their defenses and view their environment holistically when it comes to information security. With increasing geopolitical tensions in the Middle East, FireEye expects Iran to significantly increase the volume and scope of its cyber espionage campaigns. Tehran has a critical need for strategic intelligence and is likely to fill this gap by conducting espionage against decision makers and key organizations that may hold information furthering Iran’s economic and national security goals.