(zscaler.com) Dust Specter APT: Iran-Nexus Threat Actor Deploys Novel Malware Against Iraqi Government Officials
-
(zscaler.com) Dust Specter APT: Iran-Nexus Threat Actor Deploys Novel Malware Against Iraqi Government Officials
Zscaler ThreatLabz uncovered "Dust Specter," a suspected Iran nexus campaign targeting Iraqi government officials by impersonating Iraq's Ministry of Foreign Affairs. The operation deployed four previously undocumented malware families, SPLITDROP, TWINTASK, TWINTALK, and GHOSTFORM, delivered through password protected archives and ClickFix style lures hosted on compromised Iraqi government infrastructure. The malware uses DLL sideloading, AES 256 CBC encryption, JWT based bot identification, and randomized C2 URI paths with embedded checksums to evade detection. Evidence of generative AI use in malware development was also identified.
IOCs in the article.
Dust Specter APT Targets Gov’t Officials in Iraq | ThreatLabz
Dust Specter, a suspected Iran-nexus APT threat actor, targets officials in Iraq with newly discovered malware: SPLITDROP, TWINTASK, TWINTALK & GHOSTFORM.
(www.zscaler.com)
Fediverse: Not known
-
R relay@relay.infosec.exchange shared this topic
