SideTwist backdoor, the primary weapon of APT34 in its campaigns

October 3, 2023

The Iran-based threat group APT34 has reemerged in the cybercriminal landscape and brought two new malicious tools for phishing campaigns. This sophisticated hacking group has allegedly launched a new phishing campaign that deploys a variant of the SideTwist backdoor.

This advanced persistent threat group has been one of the most destructive threats that have targeted the Middle East since 2014. They have targeted various industries, such as telecommunications, government, defence, oil, and financial services sectors, using specially crafted spear-phishing lures that result in deploying different backdoors.

Moreover, the group’s ability to constantly develop and upgrade its tools makes it one of the most formidable foes of different organisations worldwide.

APT34 first used the SideTwist backdoor a couple of years ago.

The advanced persistent threat group APT34 first employed the SideTwist backdoor in an attack in April 2021. The backdoor is an implant that can download and upload files and execute commands.

Since then, it has become one of the group’s primary tools, especially in phishing campaigns. APT34’s new attack chain starts with a lure MS Word document that carries malicious macros.

Next, the macro extracts and deploys a Base64-encoded payload stored within the file. This payload is a SideTwist backdoor variant that the actors compiled with GCC. The payload then establishes communication with a remote server (11.0.188[.]38) and waits for further commands from the threat actors.
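The detail that matters to defenders here is the delivery format: an executable sitting inside a document as a long Base64 string. As an added example (not code from the original article or from any vendor), the following Python scanner walks every part of an OOXML document, including the VBA project binary, and flags Base64 runs that decode to an executable header. The 512-character threshold, the part names and the sample document are assumptions constructed for the example.

```python
import base64
import binascii
import io
import re
import zipfile
# Only Base64 runs of 512+ chars are decoded: a dropped backdoor dwarfs any legitimate field (threshold assumed).
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{512,}={0,2}")
# Magic bytes of the executable formats a decoded payload could start with.
EXECUTABLE_MAGIC = {b"MZ": "PE", b"\x7fELF": "ELF", b"\xcf\xfa\xed\xfe": "Mach-O"}

def classify_blob(data: bytes) -> str:
    """Name the executable format a decoded blob starts with, or '' if none."""
    for magic, name in EXECUTABLE_MAGIC.items():
        if data.startswith(magic):
            return name
    return ""

def find_encoded_executables(raw: bytes) -> list:
    """(offset, format) for each long Base64 run whose decoded prefix is an executable header."""
    hits = []
    for m in B64_RUN.finditer(raw):
        try:  # decode only 64 chars: enough for the header, whatever the run's size
            decoded = base64.b64decode(m.group(0)[:64], validate=True)
        except binascii.Error:
            continue
        fmt = classify_blob(decoded)
        if fmt:
            hits.append((m.start(), fmt))
    return hits

def scan_office_container(container: bytes) -> list:
    """Walk every part of an in-memory OOXML file (.docm/.xlsm), vbaProject.bin included."""
    results = []
    with zipfile.ZipFile(io.BytesIO(container)) as z:
        for name in z.namelist():
            for offset, fmt in find_encoded_executables(z.read(name)):
                results.append((name, offset, fmt))
    return results

def constructed_sample_container() -> bytes:
    """Constructed input, not a real document: a macro-like part carrying a Base64
    blob that decodes to a fake PE stub, plus a benign part with a long Base64 run."""
    fake_pe = b"MZ" + b"\x90" * 600             # header only, not an executable
    macro = b'Dim s As String\ns = "' + base64.b64encode(fake_pe) + b'"\n'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/vbaProject.bin", macro)
        z.writestr("word/document.xml", base64.b64encode(b"A" * 600))
    return buf.getvalue()
```

Running `scan_office_container(constructed_sample_container())` reports the fake PE stub in the macro part and ignores the benign Base64 text, which is the behaviour a mail gateway or sandbox check on inbound Office attachments should show.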

The SideTwist backdoor was discovered after a separate investigation uncovered a new variant of Agent Tesla, a notorious information-stealing malware. In that attack, the operators crafted an MS Excel document that exploits the CVE-2017-11882 and CVE-2018-0802 vulnerabilities. Agent Tesla’s primary capabilities allow it to harvest sensitive information such as credentials, keylogging data, and screenshots.

This non-stop surge of phishing campaigns shows the craftiness of threat actors in creating ways to breach and compromise digital infrastructures. As APT34 and other malicious groups upgrade their tactics and tools, organisations and individuals should remain vigilant and knowledgeable about the latest cybersecurity practices to avoid falling victim to these malicious attacks.
