Summary: In October 2024, the Iranian threat actor UNC2428 executed a social engineering campaign targeting Israel by delivering the MURKYTOUR backdoor disguised as a recruitment tool from the Israeli defense contractor Rafael. This operation showcased intricate deception techniques, including the use of a graphical user interface to mask the installation of malware. Mandiant’s report highlights the ongoing cyber espionage activities by Iranian groups, focusing on diverse sectors within Israel.
Affected: Israeli defense contractor, Rafael
Key points:
- UNC2428 used social engineering tactics to lure victims with fake job opportunities.
- The backdoor MURKYTOUR grants persistent access to compromised machines via a tool masked as a legitimate application.
- Iranian threat actors are diversifying their tactics, including using cloud infrastructure to hide their operations and evade detection.
Source: https://thehackernews.com/2025/04/iran-linked-hackers-target-israel-with.html