Experts at FireEye have uncovered a new espionage campaign carried out by APT34 APT group (
APT34 is an Iran-linked APT group that has been around since at least 2014, it targeted mainly organizations in the financial, government, energy, telecoms and chemical sectors in the United States and Middle Eastern countries.
“In late June 2019, FireEye identified a phishing campaign conducted by APT34, an Iranian-nexus threat actor.” reads the analysis published by FireEye. “Three key attributes caught our eye with this particular campaign:
The hackers used three new malware families in the campaign that also involved the Pickpocket, a browser credential-theft tool exclusively linked to APT34 campaigns.
The phishing campaign primarily targeted organizations in the energy and oil and gas, along with government entities.
The fake profiles asked the victims to open the
The attack technique observed in this campaign is not new and was used by the
The three malware families involved in this campaign were tracked as for TONEDEAF, VALUEVAULT, and LONGWATCH.
After the FireEye experts identifying the C2 domain, they discovered
“We suspect this will not be the last time APT34 brings new tools to the table. Threat actors are often reshaping their TTPs to evade detection mechanisms, especially if the target is highly desired.” concludes FireEye. “For these reasons, we recommend organizations remain vigilant in their defenses, and remember to view their environment holistically when it comes to information security.”
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.