Cyber security expert and Yoroi founder, Marco Ramilli, analyzed the two state-sponsored groups to look for strong and weak similarities.
The cyber security expert, Marco Ramilli, analyzed it to match the clues and find out whether Iranian state-sponsored hackers are behind the operation. Some clues say yes, others diverge.
The cyber security experts: There are many similarities in TTPs, targets and purposes. The credential harvesting could be complementary to the WebMask project on DNS Hijack.
The cyber security expert: It’s easy, thanks to rules, to identify a specific set of binaries. But it also needs manual analysis to confirm if the threat is real or fake.