Researchers uncovered a sophisticated Iranian-linked spear-phishing campaign targeting international organizations through compromised diplomatic mailboxes. The operation used malicious Microsoft Word documents and advanced obfuscation techniques to gather system information and establish persistent access. #HomelandJustice #IranianCyberActors
Key points
- The campaign exploited a compromised mailbox of Oman's Ministry of Foreign Affairs to distribute malicious emails.
- The phishing emails used trusted sources and routed through NordVPN in Jordan to mask their origin.
- Attached malicious Word documents contained VBA macros that triggered multi-stage malware infections.
- The malware, sysProcUpdate, collected system data and communicated with a C2 server, aiming for reconnaissance.
- The operation targeted multiple regions, including Europe, Africa, Asia, and international organizations like the UN.
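The key points above describe macro-carrying Word attachments as the initial foothold. The following Python script is an added example (not code from the original report or its authors) showing how a mail-gateway or triage pipeline can flag attachments that embed a VBA project. It assumes attachments are available as raw bytes and relies on two facts about Office formats: OOXML files are zip containers whose macro code lives in a `vbaProject.bin` part, and legacy binary Office files start with the OLE2 magic bytes. The sample attachments are constructed in memory and are not real campaign artifacts.

```python
"""Triage mail attachments for embedded VBA projects.

Added example, not part of the original report. Assumptions: attachments are
handed to us as bytes; OOXML containers store macros in 'vbaProject.bin';
legacy .doc/.xls files begin with the OLE2 compound-file signature.
"""
import io
import zipfile

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
MACRO_ENABLED_MARKER = b"macroEnabled"  # appears in [Content_Types].xml of .docm/.xlsm/.pptm


def triage_attachment(filename: str, data: bytes) -> dict:
    """Return a verdict dict for one attachment.

    verdict values:
      'vba-present'    OOXML container carries a vbaProject.bin part
      'ole-needs-scan' legacy OLE2 file; macro presence cannot be confirmed
                       without a dedicated parser, so escalate for deeper scan
      'clean'          OOXML container with no VBA part
      'not-office'     neither an OLE2 nor an OOXML file
    """
    result = {
        "filename": filename,
        "format": "unknown",
        "has_vba": False,
        "macro_content_type": False,
        "ext_mismatch": False,
        "verdict": "not-office",
    }

    if data.startswith(OLE2_MAGIC):
        result["format"] = "ole2"
        result["verdict"] = "ole-needs-scan"
        return result

    if not zipfile.is_zipfile(io.BytesIO(data)):
        return result

    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        result["format"] = "ooxml"
        result["has_vba"] = any(n.lower().endswith("vbaproject.bin") for n in names)
        if "[Content_Types].xml" in names:
            result["macro_content_type"] = MACRO_ENABLED_MARKER in zf.read("[Content_Types].xml")

    # A VBA part inside a file whose extension claims a macro-free format is a
    # separate signal worth surfacing to the analyst.
    if result["has_vba"] and filename.lower().endswith((".docx", ".xlsx", ".pptx")):
        result["ext_mismatch"] = True

    result["verdict"] = "vba-present" if result["has_vba"] else "clean"
    return result


def _ooxml(parts: dict) -> bytes:
    """Build a minimal OOXML-style zip container from {path: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for path, body in parts.items():
            zf.writestr(path, body)
    return buf.getvalue()


# Constructed sample attachments (hypothetical names, fake contents).
SAMPLES = {
    "invite.docm": _ooxml({
        "[Content_Types].xml": b'<Types><Override PartName="/word/document.xml" '
                               b'ContentType="application/vnd.ms-word.document.macroEnabled.main+xml"/></Types>',
        "word/document.xml": b"<w:document/>",
        "word/vbaProject.bin": b"\x00fake vba project\x00",
    }),
    "agenda.docx": _ooxml({
        "[Content_Types].xml": b'<Types><Override PartName="/word/document.xml" '
                               b'ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/></Types>',
        "word/document.xml": b"<w:document/>",
    }),
    "renamed.docx": _ooxml({  # macro project hidden behind a .docx extension
        "[Content_Types].xml": b"<Types/>",
        "word/document.xml": b"<w:document/>",
        "word/vbaProject.bin": b"\x00fake vba project\x00",
    }),
    "old.doc": OLE2_MAGIC + b"\x00" * 64,
    "notes.txt": b"plain text, nothing to see",
}


def triage_all(samples: dict = SAMPLES) -> dict:
    """Run triage over every sample and return {filename: verdict dict}."""
    return {name: triage_attachment(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, verdict in triage_all().items():
        print(f"{name:14} {verdict['verdict']:15} vba={verdict['has_vba']} "
              f"macro_ct={verdict['macro_content_type']} ext_mismatch={verdict['ext_mismatch']}")
```

In a real deployment the `ole-needs-scan` verdict would hand the file to a dedicated OLE parser such as oletools' olevba, since legacy binary documents store macros in streams that a zip check cannot see; the zip-based check alone is enough to quarantine modern macro-enabled documents and to catch the extension-rename trick.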