#primecache

ESET Research

#ESETresearch analyzed a campaign deployed by BladedFeline, an Iran-aligned threat actor with likely ties to #OilRig. We discovered the campaign, which targeted Kurdish and Iraqi government officials, in 2024. https://www.welivesecurity.com/en/eset-research/bladedfeline-whispering-dark/

BladedFeline, a cyberespionage group active since at least 2017, develops malware for strategic access within the Kurdistan Regional Government and the government of Iraq. We discovered BladedFeline in 2023 after it targeted Kurdish officials with the #Shahmaran backdoor.

The systems compromised in the latest campaign contained the #Whisper backdoor, a malicious IIS module #PrimeCache, two reverse tunnels, and several supplementary tools. Whisper uses #MicrosoftExchange server to communicate with the attackers via email attachments.

We believe with medium confidence that BladedFeline is a subgroup of OilRig, an 🇮🇷-based APT group also known as APT34 or Hazel Sandstorm.

First, there were OilRig tools present in the systems compromised in this campaign. BladedFeline’s PrimeCache also shares code similarities with OilRig’s #RDAT backdoor. Moreover, as does OilRig, BladedFeline targets organizations in the Middle East.

IoCs will be available in our GitHub repo: https://github.com/eset/malware-ioc/tree/master/

Europe Says

https://www.europesays.com/2137357/ Iran-aligned BladedFeline spies on Iraqi and Kurdish #BackdoorWhisper #Conflicts #CyberEspionage #ESET #Iran #IranAligned #llc #OilRig #OperationRoundpress #PrimeCache #ThreatActors