Nearly a dozen telecommunications firms in the U.S., Canada, France, the UK, and the United Arab Emirates have been compromised by Iranian threat operation UNC1549 with a MINIBIKE backdoor variant as part of a new cyberespionage campaign involving LinkedIn recruitment lures, The Hacker News reports.After determining crucial personnel within targeted entities through reconnaissance efforts on LinkedIn and deploying spear-phishing emails for email address validation, UNC1549 also known as TA455 and Subtle Snail proceeded to establish fraudulent HR accounts on LinkedIn that provided fake job offers, an analysis from PRODAFT showed.Victims expressing interest were then sent emails with a link for scheduling an interview, which would redirect to a fake Telespazio or Safran Group domain while downloading a ZIP archive that launches the illicit MINIBIKE DLL. Aside from obtaining system details and enabling keystroke logging, MINIBIKE also facilitates Microsoft Outlook credential theft, browser data gathering, and screenshot capturing, as well as the execution of other payloads.Such findings follow a Group-IB report detailing Iranian state-backed hacking group MuddyWater's increased usage of custom backdoors and tools after initially depending on remote monitoring and management tools.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds