The failure of the launch of the Iranian Zafar satellite may have been caused not by an error or a technical accident, but by a cyber attack
The launch of Iran's latest satellite, Zafar (“Victory” in Farsi), which took place just a few days ago, may have failed not because of a mistake or a technical fault but because of a cyber attack. The Simorgh rocket lifted off and carried the payload into space normally, so much so that Tehran initially announced a success. The satellite, however, never reached its intended orbit. The Islamic Republic stated that the cause of the fiasco was that the carrier had not reached enough speed for orbital insertion. Several analysts, on the other hand, believe the launcher or its command and control systems were sabotaged. The most likely perpetrators would be the United States or Israel, which have repeatedly protested against the Middle Eastern country's space program and cast doubt on its legitimacy. It should be noted that no technical evidence of an intrusion has been cited: a velocity shortfall of this kind is equally consistent with an ordinary propulsion or guidance fault, so the sabotage hypothesis rests on circumstantial reasoning rather than on forensic findings.
The US continues to accuse Tehran of using the space program as cover for developing military ballistic missiles. In addition, the country has in recent days suffered a cyber offensive of unknown origin
Washington is convinced that the satellite launches serve Tehran as a way to mask the development of its military ballistic missile program. The accusation has just been reiterated by the US Secretary of State, Mike Pompeo, who stressed that “every launch, failed or not, also allows Iran to gain experience in the use of these technologies that could benefit its missile programs under the guise of a peaceful space program. The United States,” he added, “will continue to provide support worldwide to deal with the reckless ballistic missile activity of the Iranian regime, and we will continue to impose enormous pressure on the regime to change its behavior.” A further element is the spike in cyber attacks against the Middle Eastern nation over the last few days, which the Iranian authorities confirmed without, however, specifying their origin or what they had targeted.
The background of the cyber war between the USA, Israel and Iran
There are, moreover, several precedents in this regard. The best known is the sabotage of the uranium enrichment centrifuges at Natanz, carried out by means of the Stuxnet malware and attributed to the US and Israel. In that case the malware was carried on a USB drive into the facility's computers, which were air-gapped from the internet; from there it spread across the internal network and manipulated the industrial control systems (ICS), specifically the programmable logic controllers driving the centrifuges, damaging the equipment while the operators' consoles kept reporting normal readings. Since then there have been other cyber incidents involving Iran, less publicized but no less disruptive: from the attacks on Cisco switches inside the Islamic Republic to Operation Saffron Rose, which was conducted by hackers linked to Tehran. Nor should it be forgotten that on several occasions experts in the sector have died in unexplained circumstances, as in the case of Mojtaba Ahmadi, commander of Iran's Cyber War Headquarters, killed in 2013 by unidentified attackers.