A sophisticated cyber espionage campaign by the Iran-linked group Subtle Snail targets European telecommunications, aerospace, and defense organizations using fake LinkedIn recruitment lures and custom malware. This long-running operation relies on techniques such as DLL sideloading, code-signed malware, and cloud-hosted command-and-control (C2) infrastructure to steal sensitive information while evading detection. #SubtleSnail #IranNexus
Keypoints
- Subtle Snail is an Iran-nexus cyber espionage group active since June 2022.
- The group poses as recruiters on LinkedIn, using fake accounts and job offers to lure targets.
- They deploy customized malware, including a variant of the MINIBIKE backdoor, for persistent access.
- The malware is code-signed with valid certificates and is loaded via DLL sideloading (a malicious DLL placed beside a trusted, signed executable), so signature checks alone do not catch it.
- Exfiltration targets credentials, personal data, project files, and details of sensitive infrastructure.