Iranian backdoors lurk in the defense sector of the Middle East

Teacher

The malware actively uses the Microsoft Azure infrastructure.

According to the latest findings from analysts at Mandiant, the Middle East has become the target of an ongoing cyber espionage operation that uses unique malware aimed at the aerospace, aviation and defense industries. The researchers trace the operation to Iran.

The campaign is directed against Israel and the United Arab Emirates, and possibly also against Turkey, India and Albania. Experts associate it with the Iranian group UNC1549, which was previously observed in cyber attacks on American and Israeli companies in the shipping, aerospace and defense sectors.

Of particular note is the potential connection of this campaign to Iran's Islamic Revolutionary Guard Corps (IRGC), especially in the context of recent tensions related to the war between Israel and Hamas, which Iran openly supports.

The campaign relies on numerous evasion techniques, including extensive use of Microsoft Azure cloud infrastructure, together with social engineering to deliver two unique backdoors: MINIBIKE and MINIBUS. These backdoors support a range of actions, from stealing files to executing arbitrary commands and carrying out extended reconnaissance.

The researchers also discovered LIGHTRAIL, a custom tunneling tool that conceals malicious activity by "wrapping" malicious traffic inside regular Internet traffic.

Notably, the campaign began in June 2022, and its most recent activity was recorded in January of this year, which points to the long-term and deliberate nature of the operation.

The methods used by the attackers underline their sophistication and high skill level, and demonstrate once again how serious a threat APT groups pose to states and to large companies in critical industries.

Countering this threat requires a comprehensive approach: strengthening cybersecurity, adopting advanced technologies, and raising employees' awareness of cyber hygiene rules. These measures apply to public-sector and private organizations alike.