Iranian APT33 targets US firms with destructive malware.

Haythem Elmir



The Iranian group known as APT33 is believed to be behind a cyberespionage campaign targeting aerospace, petrochemical and energy sector firms located in the United States, Saudi Arabia and South Korea.

The group’s latest attack leverages a dropper called DropShot that is tied to the StoneDrill wiper malware—a variant of the infamous Shamoon 2, according to a report released Wednesday by FireEye.

The malware is being distributed via spear phishing campaigns that include advertisements for jobs at Saudi Arabian aviation companies and Western organizations, researchers said. The emails carry recruitment-themed lures that contain links to malicious HTML application (.hta) files.
