The Iranian group known as APT33 is believed to be behind a cyberespionage campaign targeting aerospace, petrochemical and energy sector firms located in the United States, Saudi Arabia and South Korea.
The group’s latest attack leverages a dropper called DropShot that is tied to the StoneDrill wiper malware—a variant of the infamous Shamoon 2, according to a report released Wednesday by FireEye.
The malware is being distributed via spear phishing campaigns that include advertisements for jobs at Saudi Arabian aviation companies and Western organizations, researchers said. The emails carry recruitment-themed lures that contain links to malicious HTML application (.hta) files.
To read the original article: https://threatpost.com/iranian-apt33-targets-us-firms-with-destructive-malware/128074/