Iranian cyber espionage group APT42, associated with Iran's IRGC, has been targeting defense and government officials using social engineering and long-term relationship-building tactics. Their sophisticated operation employs modular malware and covert communication channels such as Telegram and Discord for persistent data exfiltration. #APT42 #IRGC #TameCat #SpearSpecter
Key points
- APT42 is a state-sponsored hacking group linked to the Islamic Revolutionary Guard Corps (IRGC).
- The group uses social engineering, including fake conference invitations, to infect targets.
- They deploy the TameCat PowerShell-based backdoor for long-term access and data exfiltration.
- TameCat communicates via Telegram and Discord, maintaining resilience against detection.
- The operation involves sophisticated obfuscation, in-memory malware, and multi-channel command and control.
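The combination of in-memory PowerShell tooling and chat platforms used as C2 channels is what a defender can key on. The following is an added detection example, not code from the page or from any reporting on TameCat; it assumes a constructed, simplified log format ("process|command_line|destination_host", modelled on Sysmon network-connection events) and flags only the conjunction of loader-style PowerShell flags and a connection to a Telegram or Discord API host, so ordinary browser traffic to Discord is not alerted on.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample log lines (not real telemetry) in the assumed
# "process|command_line|dest_host" format.
SAMPLE_LOGS = [
    "powershell.exe|powershell.exe -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBi|api.telegram.org",
    "powershell.exe|powershell.exe -File C:\\scripts\\backup.ps1|files.corp.example",
    "chrome.exe|chrome.exe --type=renderer|discord.com",
    "powershell.exe|powershell.exe -nop -w hidden -ep bypass|discord.com",
    "outlook.exe|outlook.exe|outlook.office365.com",
]

# Chat-platform API hosts reported as covert C2 channels for TameCat.
C2_DOMAINS = {"api.telegram.org", "discord.com", "discordapp.com", "cdn.discordapp.com"}

# Command-line traits typical of in-memory or obfuscated PowerShell loaders.
SUSPICIOUS_FLAGS = re.compile(
    r"(?i)(-enc(odedcommand)?\s|-w(indowstyle)?\s+hidden|-ep\s+bypass|-nop\b)"
)


@dataclass
class Finding:
    process: str
    host: str
    reasons: List[str]


def score_line(line: str) -> Optional[Finding]:
    """Return a Finding when a PowerShell loader contacts a chat-platform C2 host."""
    process, cmdline, host = line.split("|", 2)
    reasons = []
    if host.lower() in C2_DOMAINS:
        reasons.append(f"connection to chat-platform API host {host}")
    if process.lower() == "powershell.exe" and SUSPICIOUS_FLAGS.search(cmdline):
        reasons.append("PowerShell launched with hidden/encoded/bypass flags")
    # Alert only when both traits co-occur; either alone is too noisy on its own.
    if len(reasons) == 2:
        return Finding(process, host, reasons)
    return None


def detect(lines: List[str]) -> List[Finding]:
    """Run the rule over every log line and keep the hits."""
    return [f for f in (score_line(line) for line in lines) if f is not None]
```

Feeding real Sysmon Event ID 3 (network connection) and Event ID 1 (process creation) data into this shape requires joining on ProcessGuid; the rule logic itself stays the same.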