Threat Intelligence

Middle East subjected to suspected Iranian state-backed cyberespionage attacks

Middle East-based aerospace, aviation, and defense organizations have been targeted by suspected Iranian state-backed threat operation UNC1549 in an attack campaign that has been ongoing since June 2022, CyberScoop reports.

While most of the attacks targeted Israel and the United Arab Emirates, UNC1549 may have also compromised organizations in India, Turkey, and Albania, according to a Mandiant report. Aside from leveraging a fraudulent website that used the Israel-Hamas war as a lure, UNC1549 (which was found to be similar to the Tortoiseshell threat group, also known as Imperial Kitten) also spoofed Boeing, DJI, and other major brands in fake job offers meant to redirect targets to websites that enable MINIBUS and MINIBIKE backdoor deployment, as well as credential exfiltration, said researchers. Moreover, malicious activity has been concealed with the use of Microsoft Azure for command and control. The development comes after PwC noted that Imperial Kitten had been conducting cyberespionage operations with custom and off-the-shelf malware.
