UNC1549 Hacks 34 Devices in 11 Telecom Firms via LinkedIn Job Lures and MINIBIKE Malware

"An Iran-nexus cyber espionage group known as UNC1549 has been attributed to a new campaign targeting European telecommunications companies, successfully infiltrating 34 devices across 11 organizations as part of a recruitment-themed activity on LinkedIn. Swiss cybersecurity company PRODAFT is tracking the cluster under the name Subtle Snail. It's assessed to be affiliated with Iran's Islamic Revolutionary Guard Corps (IRGC). The targeted 11 companies are located in Canada, France, the United Arab Emirates, the United Kingdom, and the United States."
"The use of job-themed lures by UNC1549 was subsequently detailed by Israeli cybersecurity company ClearSky, which detailed the adversary's targeting of the aerospace industry as far back as September 2023 to deliver malware families such as SnailResin and SlugResin. 'The group's primary motivation involves infiltrating telecommunications entities while maintaining interest in aerospace and defense organizations to establish long-term persistence and exfiltrate sensitive data for strategic espionage purposes,' PRODAFT said."
UNC1549, tracked as Subtle Snail, used LinkedIn recruitment-themed lures to infiltrate 34 devices across 11 telecommunications organizations in multiple countries. PRODAFT tracks the cluster and assesses affiliation with Iran's Islamic Revolutionary Guard Corps (IRGC), with targets in Canada, France, the United Arab Emirates, the United Kingdom, and the United States. The group poses as HR representatives to engage employees and deploys a MINIBIKE backdoor that communicates with command-and-control infrastructure proxied through Azure cloud services to evade detection. UNC1549 has been active since at least June 2022, overlaps with other Iranian clusters, and also targets aerospace and defense to establish persistence and exfiltrate sensitive data.
Read at The Hacker News