Researchers from Israel's INDA have uncovered SpearSpecter, a sophisticated cyber-espionage campaign allegedly linked to Iranian threat actors working for IRGC-IO and targeting high-level government and defense officials. The operation employs social engineering, fileless malware, and cloud-based command-and-control channels to infiltrate its targets. #IRGCIO #SpearSpecter
Key points
- SpearSpecter is a highly targeted, relationship-based cyber-espionage campaign linked to Iranian threat actors.
- The operation involves weeks-long social engineering through impersonation on platforms like WhatsApp.
- Malware deployment relies on fileless tactics, utilizing the TAMECAT PowerShell backdoor with modular components.
- Command-and-control channels include Cloudflare Workers, Telegram, and Discord, providing resilience and low detectability.
- The campaign focuses on harvesting sensitive data from high-value targets, including government officials and defense personnel.
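A defender-side correlation rule for the tradecraft summarized in these key points: a PowerShell process launched with a hidden-window or encoded payload (the fileless pattern) that then connects to a Cloudflare Workers, Telegram or Discord endpoint (the named C2 platforms). This is an added example, not code or indicators from the report; the event schema, field names and sample events are constructed assumptions, and the hostnames are the public service endpoints rather than campaign-specific indicators.

```python
# Added example: correlate PowerShell process creation with outbound connections
# to the C2 platforms named in the SpearSpecter summary. Event format is assumed
# (Sysmon-like dicts); sample data below is constructed, not real telemetry.

# Public endpoints of the platforms the report names as C2 channels. A leading dot
# means "any subdomain"; a bare name matches itself or any subdomain.
C2_SUFFIXES = (".workers.dev", "api.telegram.org", "discord.com", "discordapp.com")

# Command-line fragments typical of fileless PowerShell loaders.
FILELESS_MARKERS = ("-enc", "-encodedcommand", "-w hidden", "-windowstyle hidden",
                    "iex", "invoke-expression", "downloadstring")


def is_c2_host(host: str) -> bool:
    """True if host belongs to one of the named C2 platforms."""
    host = host.lower().rstrip(".")
    for s in C2_SUFFIXES:
        if s.startswith("."):
            if host.endswith(s):
                return True
        elif host == s or host.endswith("." + s):
            return True
    return False


def find_powershell_c2(events):
    """Return alerts for pids that are (a) PowerShell with fileless markers and
    (b) later connect to a C2-platform host. Events are processed in order."""
    procs, alerts = {}, []
    for ev in events:
        if ev["type"] == "process_create":
            image, cmd = ev["image"].lower(), ev["cmdline"].lower()
            if image.endswith(("powershell.exe", "pwsh.exe")):
                procs[ev["pid"]] = {"cmdline": ev["cmdline"],
                                    "suspicious": any(m in cmd for m in FILELESS_MARKERS)}
        elif ev["type"] == "network_connect":
            p = procs.get(ev["pid"])
            if p and p["suspicious"] and is_c2_host(ev["dest_host"]):
                alerts.append({"pid": ev["pid"], "dest": ev["dest_host"],
                               "cmdline": p["cmdline"]})
    return alerts


# Constructed sample events: one fileless PowerShell beaconing to two C2 platforms,
# one benign PowerShell script, and the legitimate Discord client.
SAMPLE_EVENTS = [
    {"type": "process_create", "pid": 4120, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -w hidden -enc <base64-placeholder>"},
    {"type": "network_connect", "pid": 4120, "dest_host": "example-loader.workers.dev"},
    {"type": "network_connect", "pid": 4120, "dest_host": "api.telegram.org"},
    {"type": "process_create", "pid": 5001, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -File C:\scripts\backup.ps1"},
    {"type": "network_connect", "pid": 5001, "dest_host": "updates.example.com"},
    {"type": "process_create", "pid": 6010, "image": r"C:\Program Files\Discord\Discord.exe", "cmdline": "Discord.exe"},
    {"type": "network_connect", "pid": 6010, "dest_host": "discord.com"},
]
```

Running `find_powershell_c2(SAMPLE_EVENTS)` flags only pid 4120 (twice, once per destination); the benign script and the Discord client produce no alert.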