- A hacker group linked to Iran is carrying out an unprecedented attack on the Iraqi government.
- The attack is being carried out by Iranian-linked cybercriminals from the APT34 group, also known as OilRig. Two novel programs – Veaty and Spearal – have been used by the hackers.
- Not only Iraqi government institutions are the target. Hackers from APT34 have previously struck Saudi Arabia, Jordan, Lebanon, and even the United States.
An Iranian-linked hacker group is carrying out an unprecedented attack on the Iraqi government, revealed cybersecurity analysts from Check Point. The latest spy tools are at play, whose detection borders on the miraculous!
The Israeli company Check Point Software has revealed that the campaign carried out in recent days against the Iraqi government is being orchestrated by Iranian-linked cybercriminals from the APT34 group, also known as OilRig. This is certainly not a random attack, but a meticulously planned operation that began with cunning social engineering methods, Check Point’s specialists emphasize.
Among the tools used by the hackers, two innovative programs – Veaty and Spearal – have emerged. Veaty uses a special email-based control channel. The hackers have not only taken over email boxes of Iraqi officials, but have also slipped undetected into victims’ networks by spreading infected messages! If that wasn’t enough, Spearal uses an even more surprising technique – it uses DNS tunneling to illegally transmit data, hiding under the guise of regular internet traffic.
“This software is particularly sophisticated and difficult to detect,” emphasized in an interview with Recorded Future News Sergei Shykevich, expert from Check Point Software.
Iranian spy strategy: Who’s next?
“The campaign against the infrastructure of the Iraqi government confirms continuous and targeted efforts of Iranian criminals operating in the region,” adds Shykevich.
The targets are not only Iraqi government institutions. Hackers from APT34 have previously struck Saudi Arabia, Jordan, Lebanon, and even the United States. Check Point believes that APT34 is linked to the Iranian Ministry of Intelligence and Security (MOIS). The group’s victim location is consistent with Iran’s interests and matches the typical victim profile that MOIS-linked groups usually target in spy operations.
Reports indicate that APT34 is reigniting a cyber war, and Iraq has now become the epicenter of their activities. Last year, hackers from this group spent eight months unnoticed within the systems of one of the Middle Eastern governments, stealing vast amounts of data.
Source: https://managerplus.pl/iranska-grupa-hakerow-apt34-atakuje-rzad-iraku-nowatorskie-narzedzia-veaty-i-spearal-w-grze-30946
