Malware, Threat Intelligence, Email security

New Sosano malware attacks target UAE

Aviation, critical transportation infrastructure, and satellite communications firms across the United Arab Emirates have been hit with the novel Sosano backdoor in highly targeted attacks by suspected Iranian state-sponsored threat group UNK_Crafty Camel, according to The Record, a news site by cybersecurity firm Recorded Future. The group leveraged techniques akin to those of the state-backed TA451 and TA455 hacking operations.

UNK_Crafty Camel's intrusions began with the exploitation of a breached INDIC Electronics email account, which was used to distribute malicious emails. Links in those emails redirected to a fake website of the Indian electronics company, which hosted a ZIP archive that enabled Sosano malware delivery, a Proofpoint report showed.

Such an attack campaign "demonstrates the lengths to which state-aligned actors will go to evade detection and fulfill their intelligence collection mandates successfully," said Proofpoint researcher Joshua Miller.

The findings come after TA455, which is believed to be under the Charming Kitten group, was reported to have targeted the aerospace sector through bogus LinkedIn job offers.
