Iranian hacking operation UNC1549, also known as Nimbus Manticore and Subtle Snail, has leveraged its extensive attack arsenal to compromise aerospace, aviation, and defense organizations across the Middle East since late 2023, reports The Hacker News.After achieving initial network compromise through third-party software credential exploitation and spear-phishing emails, UNC1549 commenced reconnaissance efforts by deploying the MINIBIKE, TWOSTROKE, and DEEPROOT backdoors for Microsoft Outlook credential theft, persistence, and shell command execution, respectively, as well as the TRUSTTRAP malware for luring Microsoft account credential inputs, according to a Mandiant analysis. Intrusions also involved the LIGHTRAIL, GHOSTLINE, and POLLBLEND tunnelers, as well as the CRASHPAD, DCSYNCER.SLICK, and SIGHTGRAB Windows utilities."UNC1549's campaign is distinguished by its focus on anticipating investigators and ensuring long-term persistence after detection," said Mandiant researchers. UNC1549 was previously reported by PRODAFT to have compromised almost a dozen telecommunications firms in a social engineering campaign involving LinkedIn recruitment lures.
Threat Intelligence
Multiple tools harnessed in Iranian cyberespionage attacks against Middle East

(Adobe Stock)
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



