Tag: iraq
-
Dust Specter: Iran-Linked Hackers Weaponize Iraqi Government Sites in New Cyber Espionage Campaign
The post Dust Specter: Iran-Linked Hackers Weaponize Iraqi Government Sites in New Cyber Espionage Campaign appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/dust-specter-iran-linked-hackers-weaponize-iraqi-government-sites-in-new-cyber-espionage-campaign/
-
Iran-nexus APT Dust Specter targets Iraq officials with new malware
A campaign by Iran-linked group Dust Specter is targeting Iraqi officials with phishing emails delivering new malware families. Zscaler ThreatLabz researchers linked the Iran-nexus group Dust Specter to a campaign targeting Iraqi government officials. Threat actors impersonated the country’s Ministry of Foreign Affairs in phishing messages that delivered previously unseen malware, including SPLITDROP, TWINTASK, TWINTALK,…
-
Dust Specter Targets Iraqi Officials with New SPLITDROP and GHOSTFORM Malware
A suspected Iran-nexus threat actor has been attributed to a campaign targeting government officials in Iraq by impersonating the country’s Ministry of Foreign Affairs to deliver a set of never-before-seen malware. Zscaler ThreatLabz, which observed the activity in January 2026, is tracking the cluster under the name Dust Specter. The attacks, which manifest in the form…
-
Iran-Linked “Dust Specter” APT Deploys AI-Aided Malware Against Iraqi Officials
Iran-nexus APT group “Dust Specter” is targeting Iraqi government officials with AI-assisted custom .NET malware, using dual attack chains that blend DLL sideloading, in-memory PowerShell, and ClickFix-style lures. In January 2026, Zscaler ThreatLabz tracked a new campaign against Iraqi officials in which the actor impersonated Iraq’s Ministry of Foreign Affairs and abused compromised government infrastructure…
-
Iranian Cyber Threat Actor Targets Iraqi Government Officials in AI-Powered Campaign
Zscaler ThreatLabz assessed with medium to high confidence that an Iranian adversary targeted Iraq’s Ministry of Foreign Affairs in a new cyber-attack First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/iran-cyber-threat-actor-iraq/
-
‘Violence-as-a-service’ suspect arrested in Iraq, extradition underway
Gang members ‘systematically exploited children and young people,’ cops say First seen on theregister.com Jump to article: www.theregister.com/2026/01/12/violence_as_a_service_arrest/
-
Researchers find Predator spyware is being used in several countries, including Iraq
Researchers also found indicators “likely associated” with the use of Predator spyware by an entity tied to Pakistan. First seen on therecord.media Jump to article: therecord.media/intellexa-predator-spyware-continues-despite-sanctions
-
TDL 006 – Beyond the Firewall: How Attackers Weaponize Your DNS
Tags: access, attack, breach, business, cisa, ciso, computer, conference, control, cyber, data, data-breach, dns, exploit, firewall, google, government, group, guide, infrastructure, intelligence, Internet, iraq, jobs, leak, malicious, malware, network, phishing, ransomware, service, software, switch, threat, tool, windows
Summary: Beyond the Firewall: How Attackers Weaponize Your DNS. For many IT professionals, DNS is the internet’s invisible plumbing, historically managed by a “guy with a Unix beard in the basement,” as Infoblox educator Josh Kuo recalled on the Defenders Log podcast. But this foundational, often overlooked, protocol has become a primary vector for sophisticated…
-
BladedFeline Exploits Whisper and PrimeCache to Breach IIS and Microsoft Exchange Servers
ESET researchers have uncovered a series of malicious tools deployed by BladedFeline, an Iran-aligned advanced persistent threat (APT) group, targeting Kurdish and Iraqi government officials. Active since at least 2017, BladedFeline has been linked with medium confidence to the notorious OilRig APT group, known for cyberespionage across the Middle East. Sophisticated Cyberespionage Campaign The group’s…
-
Iran-Aligned Hacking Group Targets Middle Eastern Governments
Iran-aligned BladedFeline group has been observed targeting the government of Iraq and KRG with advanced malware First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/iran-hacking-group-targets-middle/
-
Iranian Espionage Group Caught Spying on Kurdish Officials
BladedFeline Hackers Spying on Kurdish Officials Since at Least 2017. An Iranian state espionage group stayed hidden for more than half-a-decade until security researchers spotted it in 2023, researchers said Thursday in a report detailing a growing arsenal of hacking tools it deployed against Kurdish and Iraqi government officials. First seen on govinfosecurity.com Jump to…
-
Iranian APT ‘BladedFeline’ Remains Hidden in Networks for 8 Years
ESET researchers have uncovered the persistent activities of BladedFeline, an Iranian-aligned Advanced Persistent Threat (APT) group, which has maintained covert access to the networks of Kurdish and Iraqi government officials for nearly eight years. First identified in 2017 through attacks on the Kurdistan Regional Government (KRG), BladedFeline has since evolved into a sophisticated cyberespionage entity,…
-
Iran-linked hackers target Kurdish and Iraqi officials in long-running cyberespionage campaign
The group has been operating since at least 2017, initially breaching systems belonging to the Kurdistan Regional Government, and has expanded its reach to the Central Government of Iraq as well as a telecommunications provider in Uzbekistan. First seen on therecord.media Jump to article: therecord.media/iran-linked-hackers-target-kurdish-iraq-cyber-espionage
-
Iran-Linked BladedFeline Hits Iraqi and Kurdish Targets with Whisper and Spearal Malware
An Iran-aligned hacking group has been attributed to a new set of cyber attacks targeting Kurdish and Iraqi government officials in early 2024. The activity is tied to a threat group ESET tracks as BladedFeline, which is assessed with medium confidence to be a sub-cluster within OilRig, a known Iranian nation-state cyber actor. It’s said to…
-
Turkish APT Exploits Chat App Zero-Day to Spy on Iraqi Kurds
Even after their zero-day turned into an n-day, attackers known as Marbled Dust or Sea Turtle continued to spy on military targets that had failed to patch Output Messenger. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/turkish-apt-exploits-chat-app-zero-day-spy-iraqi-kurds
-
Turkey-Aligned Hackers Targeted Iraq-Based Kurds with Zero-Day Exploit
Marbled Dust has been exploiting a vulnerability in user accounts associated with the Kurdish military operating in Iraq for over a year, according to Microsoft First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/turkey-hackers-iraq-kurds-zero-day/
-
APT group exploited Output Messenger Zero-Day to target Kurdish military operating in Iraq
A Türkiye-linked group used an Output Messenger zero-day to spy on Kurdish military targets in Iraq, collecting user data since April 2024. Since April 2024, the threat actor Marbled Dust (aka Sea Turtle, Teal Kurma, Marbled Dust, SILICON and Cosmic Wolf) has exploited a zero-day flaw (CVE-2025-27920) in Output Messenger to target Kurdish military-linked users…
-
Türkiye-linked spy crew exploited a messaging app zero-day to snoop on Kurdish army in Iraq
‘MarbledDust’ gang has honed the skills it uses to assist Ankara First seen on theregister.com Jump to article: www.theregister.com/2025/05/13/turkish_spies_messaging_app/
-
SHELBY Malware Steals Data by Abusing GitHub as Command-and-Control Server
Elastic Security Labs has uncovered a sophisticated malware campaign, dubbed REF8685, targeting the Iraqi telecommunications sector. The campaign utilizes a novel malware family called SHELBY, which abuses GitHub for command-and-control (C2) operations, data exfiltration, and command retrieval. Novel Malware Family Targets Iraqi Telecommunications Sector The SHELBY malware family consists of two main components: SHELBYLOADER and…
-
Iran’s MOIS-Linked APT34 Spies on Allies Iraq & Yemen
The Islamic Republic is keeping its enemies close and its friends closer, with espionage attacks aimed at nearby neighbors. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/irans-mois-linked-apt34-spies-allies-iraq-yemen
-
Hundreds of UK Ministry of Defence passwords found circulating on the dark web
Tags: 2fa, access, attack, authentication, banking, breach, credentials, cyber, cybercrime, cybersecurity, dark-web, data, data-breach, email, government, hacker, intelligence, iraq, login, malware, mfa, password, phishing, risk, russia, theft, warfare
The login credentials of nearly 600 employees accessing a key British Ministry of Defence (MOD) employee portal have been discovered circulating on the dark web in the last four years, it has been reported. According to the i news site, the stolen credentials were for the MOD’s Defence Gateway website, a non-classified portal used by employees…
-
Hamas-Affiliated WIRTE Employs SameCoin Wiper in Disruptive Attacks Against Israel
A threat actor affiliated with Hamas has expanded its malicious cyber operations beyond espionage to carry out disruptive attacks that exclusively target Israeli entities. The activity, linked to a group called WIRTE, has also targeted the Palestinian Authority, Jordan, Iraq, Saudi Arabia, and Egypt, Check Point said in an analysis. “The [Israel-Hamas] conflict has not disrupted the…
-
Targeted Iranian Attacks Against Iraqi Government Infrastructure
Key Findings: Check Point Research (CPR) has been closely monitoring a campaign targeting the Iraqi government over the past few months. This campaign f… First seen on research.checkpoint.com Jump to article: research.checkpoint.com/2024/iranian-malware-attacks-iraqi-government/
-
The 249th United States Marine Corps Birthday: A Message From The Commandant Of The Marine Corps
MARINE CORPS BIRTHDAY CONTENT Date Signed: 10/25/2024 MARADMINS Number: 511/24 MARADMINS : 511/24 R 231936Z OCT 24 MARADMIN 511/24 MSGID/GENADMIN/CMC CD WASHINGTON DC// SUBJ/MARINE CORPS BIRTHDAY CONTENT// POC/J.MERCURE/CAPT/CMC CD WASHINGTON DC/TEL: 703-614-2093/EMAIL: JAMES.M.MERCURE.MIL@USMC.MIL// POC/V.DILLON/CIV/CMC CD WASHINGTON DC/TEL: 703-614-2267/EMAIL: VADYA.DILLON@USMC.MIL// GENTEXT/REMARKS/1. This message provides information regarding the Marine Corps birthday video, the Commandant’s written birthday message, and recorded music…
-
Iranian Cyber Group OilRig Targets Iraqi Government in Sophisticated Malware Attack
Iraqi government networks have emerged as the target of an elaborate cyber attack campaign orchestrated by an Iran state-sponsored threat actor called… First seen on thehackernews.com Jump to article: thehackernews.com/2024/09/iranian-cyber-group-oilrig-targets.html
-
Iranian Cyberespionage Campaign Targets Iraqi Government
Check Point Research (CPR) has uncovered a sophisticated cyberespionage campaign aimed at the Iraqi government, bearing the hallmarks of Iranian state… First seen on securityonline.info Jump to article: securityonline.info/iranian-cyberespionage-campaign-targets-iraqi-government/
-
Novel payloads deployed in new OilRig APT campaign against Iraq
First seen on scmagazine.com Jump to article: www.scmagazine.com/brief/novel-payloads-deployed-in-new-oilrig-apt-campaign-against-iraq
-
Iran-linked hackers target Iraqi government in new campaign
First seen on therecord.media Jump to article: therecord.media/iran-linked-hackers-target-iraq-government

