#CustomBackdoors

Iranian hackers pose as journalists to push backdoor malware

by

May 4, 2024 at 12:19PM APT42, an Iranian state-backed threat actor, is using social engineering, specifically posing as journalists, to breach Western and Middle Eastern corporate networks and cloud environments. The group, affiliated with Iran’s IRGC-IO, targets NGOs, media outlets, and more. They employ custom backdoors “Nicecurl” and “Tamecat” to gain access and exfiltrate data. … Read more

Cisco Zero-Days Anchor ‘ArcaneDoor’ Cyber Espionage Campaign

by

April 25, 2024 at 12:06PM A state-sponsored threat actor named UAT4356 conducted a global cyber espionage campaign by exploiting two Cisco zero-day vulnerabilities in firewall devices. Dubbed “ArcaneDoor,” the campaign targeted government networks and utilized custom backdoor malware called “Line Dancer” and “Line Runner.” Organizations are advised to patch their systems and monitor for any … Read more