Iran APT Targets the Mediterranean With Watering-Hole Attacks

Iran APT Targets the Mediterranean With Watering-Hole Attacks

October 26, 2023 at 03:54PM

A threat actor sponsored by Iran has been using watering-hole attacks and a new malware downloader to target Mediterranean organizations in the maritime, shipping, and logistics sectors. The group, known as Tortoiseshell, Imperial Kitten, TA456, Crimson Sandstorm, and Yellow Liderc, has been utilizing various tactics including phishing domains, targeted emails, and fake social media accounts. Their latest campaign involves compromising legitimate websites, using malicious JavaScript to gather information from visitors, and serving further malware to specific profiles. The malware, called IMAPLoader, uses email as a means of communication and employs a technique known as “appdomain manager injection” to bypass detection. Yellow Liderc poses a threat to various industries globally, including automotive, defense, and IT. It is important to be cautious of unusual network traffic and suspicious emails to defend against their attacks.

Summary:
– A threat actor sponsored by the Islamic Republic of Iran has been conducting watering-hole attacks against Mediterranean organizations in the maritime, shipping, and logistics sectors.
– The threat actor, known as Yellow Liderc, has been using legitimate websites to insert malicious JavaScript that captures visitor details.
– If a visitor matches the specific profile of entities associated with maritime, logistics, and shipping, they will be served further malware.
– The malware used is called “IMAPLoader,” a DLL written in .NET that uses email for command-and-control communication.
– IMAPLoader employs an advanced infection technique called “appdomain manager injection” to evade detection on Windows machines.
– Yellow Liderc has a history of using various tactics, such as reconnaissance emails and elaborate phishing schemes.
– The group has targeted industries including healthcare, technology, nuclear energy, automotive, defense, and IT in regions worldwide.
– Detection of unusual network traffic and scrutiny of email senders are important measures to counter Yellow Liderc attacks.

Full Article

By proceeding you understand and give your consent that your IP address and browser information might be processed by the security plugins installed on this site.
×