Experts at FireEye have uncovered a new espionage campaign carried out by APT34 APT group (
APT34 is an Iran-linked APT group that has been around since at least 2014, it targeted mainly organizations in the financial, government, energy, telecoms and chemical sectors in the United States and Middle Eastern countries.
“In late June 2019, FireEye identified a phishing campaign conducted by APT34, an Iranian-nexus threat actor.” reads the analysis published by FireEye. “Three key attributes caught our eye with this particular campaign:
The hackers used three new malware families in the campaign that also involved the Pickpocket, a browser credential-theft tool exclusively linked to APT34 campaigns.
The phishing campaign primarily targeted organizations in the energy and oil and gas, along with government entities.
The fake profiles asked the victims to open the
The attack technique observed in this campaign is not new and was used by the
The three malware families involved in this campaign were tracked as for TONEDEAF, VALUEVAULT, and LONGWATCH.
After the FireEye experts identifying the C2 domain, they discovered
“We suspect this will not be the last time APT34 brings new tools to the table. Threat actors are often reshaping their TTPs to evade detection mechanisms, especially if the target is highly desired.” concludes FireEye. “For these reasons, we recommend organizations remain vigilant in their defenses, and remember to view their environment holistically when it comes to information security.”