Tag: iraq
-
Researchers find Predator spyware is being used in several countries, including Iraq
Researchers also found indicators “likely associated” with the use of Predator spyware by an entity tied to Pakistan. First seen on therecord.media Jump to article: therecord.media/intellexa-predator-spyware-continues-despite-sanctions
-
TDL 006 – Beyond the Firewall: How Attackers Weaponize Your DNS
Tags: access, attack, breach, business, cisa, ciso, computer, conference, control, cyber, data, data-breach, dns, exploit, firewall, google, government, group, guide, infrastructure, intelligence, Internet, iraq, jobs, leak, malicious, malware, network, phishing, ransomware, service, software, switch, threat, tool, windows
Summary: Beyond the Firewall: How Attackers Weaponize Your DNS. For many IT professionals, DNS is the internet’s invisible plumbing, historically managed by a “guy with a Unix beard in the basement,” as Infoblox educator Josh Kuo recalled on the Defenders Log podcast. But this foundational, often overlooked, protocol has become a primary vector for sophisticated…
-
BladedFeline Exploits Whisper and PrimeCache to Breach IIS and Microsoft Exchange Servers
ESET researchers have uncovered a series of malicious tools deployed by BladedFeline, an Iran-aligned advanced persistent threat (APT) group, targeting Kurdish and Iraqi government officials. Active since at least 2017, BladedFeline has been linked with medium confidence to the notorious OilRig APT group, known for cyberespionage across the Middle East. Sophisticated Cyberespionage Campaign The group’s…
-
Iran-Aligned Hacking Group Targets Middle Eastern Governments
Iran-aligned BladedFeline group has been observed targeting the government of Iraq and KRG with advanced malware First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/iran-hacking-group-targets-middle/
-
Iranian Espionage Group Caught Spying on Kurdish Officials
BladedFeline Hackers Spying on Kurdish Officials Since at Least 2017. An Iranian state espionage group stayed hidden for more than half-a-decade until security researchers spotted it in 2023, researchers said Thursday in a report detailing a growing arsenal of hacking tools it deployed against Kurdish and Iraqi government officials. First seen on govinfosecurity.com Jump to…
-
Iranian APT ‘BladedFeline’ Remains Hidden in Networks for 8 Years
ESET researchers have uncovered the persistent activities of BladedFeline, an Iranian-aligned Advanced Persistent Threat (APT) group, which has maintained covert access to the networks of Kurdish and Iraqi government officials for nearly eight years. First identified in 2017 through attacks on the Kurdistan Regional Government (KRG), BladedFeline has since evolved into a sophisticated cyberespionage entity,…
-
Iran-linked hackers target Kurdish and Iraqi officials in long-running cyberespionage campaign
The group has been operating since at least 2017, initially breaching systems belonging to the Kurdistan Regional Government, and has expanded its reach to the Central Government of Iraq as well as a telecommunications provider in Uzbekistan. First seen on therecord.media Jump to article: therecord.media/iran-linked-hackers-target-kurdish-iraq-cyber-espionage
-
Iran-Linked BladedFeline Hits Iraqi and Kurdish Targets with Whisper and Spearal Malware
An Iran-aligned hacking group has been attributed to a new set of cyber attacks targeting Kurdish and Iraqi government officials in early 2024. The activity is tied to a threat group ESET tracks as BladedFeline, which is assessed with medium confidence to be a sub-cluster within OilRig, a known Iranian nation-state cyber actor. It’s said to…
-
Turkish APT Exploits Chat App Zero-Day to Spy on Iraqi Kurds
Even after their zero-day turned into an n-day, attackers known as Marbled Dust or Sea Turtle continued to spy on military targets that had failed to patch Output Messenger. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/turkish-apt-exploits-chat-app-zero-day-spy-iraqi-kurds
-
Turkey-Aligned Hackers Targeted Iraq-Based Kurds with Zero-Day Exploit
Marbled Dust has been exploiting a vulnerability in user accounts associated with the Kurdish military operating in Iraq for over a year, according to Microsoft First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/turkey-hackers-iraq-kurds-zero-day/
-
APT group exploited Output Messenger Zero-Day to target Kurdish military operating in Iraq
A Türkiye-linked group used an Output Messenger zero-day to spy on Kurdish military targets in Iraq, collecting user data since April 2024. Since April 2024, the threat actor Marbled Dust (aka Sea Turtle, Teal Kurma, Marbled Dust, SILICON and Cosmic Wolf) has exploited a zero-day flaw (CVE-2025-27920) in Output Messenger to target Kurdish military-linked users…
-
Türkiye-linked spy crew exploited a messaging app zero-day to snoop on Kurdish army in Iraq
‘MarbledDust’ gang has honed the skills it uses to assist Ankara First seen on theregister.com Jump to article: www.theregister.com/2025/05/13/turkish_spies_messaging_app/
-
SHELBY Malware Steals Data by Abusing GitHub as Command-and-Control Server
Elastic Security Labs has uncovered a sophisticated malware campaign, dubbed REF8685, targeting the Iraqi telecommunications sector. The campaign utilizes a novel malware family called SHELBY, which abuses GitHub for command-and-control (C2) operations, data exfiltration, and command retrieval. Novel Malware Family Targets Iraqi Telecommunications Sector The SHELBY malware family consists of two main components: SHELBYLOADER and…
-
Iran’s MOIS-Linked APT34 Spies on Allies Iraq & Yemen
The Islamic Republic is keeping its enemies close and its friends closer, with espionage attacks aimed at nearby neighbors. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/irans-mois-linked-apt34-spies-allies-iraq-yemen
-
Hundreds of UK Ministry of Defence passwords found circulating on the dark web
Tags: 2fa, access, attack, authentication, banking, breach, credentials, cyber, cybercrime, cybersecurity, dark-web, data, data-breach, email, government, hacker, intelligence, iraq, login, malware, mfa, password, phishing, risk, russia, theft, warfare
The login credentials of nearly 600 employees accessing a key British Ministry of Defence (MOD) employee portal have been discovered circulating on the dark web in the last four years, it has been reported. According to the i news site, the stolen credentials were for the MOD’s Defence Gateway website, a non-classified portal used by employees…
-
Hamas-Affiliated WIRTE Employs SameCoin Wiper in Disruptive Attacks Against Israel
A threat actor affiliated with Hamas has expanded its malicious cyber operations beyond espionage to carry out disruptive attacks that exclusively target Israeli entities. The activity, linked to a group called WIRTE, has also targeted the Palestinian Authority, Jordan, Iraq, Saudi Arabia, and Egypt, Check Point said in an analysis. “The [Israel-Hamas] conflict has not disrupted the…
-
Targeted Iranian Attacks Against Iraqi Government Infrastructure
Key Findings: Check Point Research (CPR) has been closely monitoring a campaign targeting the Iraqi government over the past few months. This campaign f… First seen on research.checkpoint.com Jump to article: research.checkpoint.com/2024/iranian-malware-attacks-iraqi-government/
-
The 249th United States Marine Corps Birthday: A Message From The Commandant Of The Marine Corps
MARINE CORPS BIRTHDAY CONTENT Date Signed: 10/25/2024 MARADMINS Number: 511/24 MARADMINS: 511/24 R 231936Z OCT 24 MARADMIN 511/24 MSGID/GENADMIN/CMC CD WASHINGTON DC// SUBJ/MARINE CORPS BIRTHDAY CONTENT// POC/J.MERCURE/CAPT/CMC CD WASHINGTON DC/TEL: 703-614-2093/EMAIL: JAMES.M.MERCURE.MIL@USMC.MIL// POC/V.DILLON/CIV/CMC CD WASHINGTON DC/TEL: 703-614-2267/EMAIL: VADYA.DILLON@USMC.MIL// GENTEXT/REMARKS/1. This message provides information regarding the Marine Corps birthday video, the Commandant’s written birthday message, and recorded music…
-
Iranian Cyber Group OilRig Targets Iraqi Government in Sophisticated Malware Attack
Iraqi government networks have emerged as the target of an elaborate cyber attack campaign orchestrated by an Iran state-sponsored threat actor called… First seen on thehackernews.com Jump to article: thehackernews.com/2024/09/iranian-cyber-group-oilrig-targets.html
-
Iranian Cyberespionage Campaign Targets Iraqi Government
Check Point Research (CPR) has uncovered a sophisticated cyberespionage campaign aimed at the Iraqi government, bearing the hallmarks of Iranian state… First seen on securityonline.info Jump to article: securityonline.info/iranian-cyberespionage-campaign-targets-iraqi-government/
-
Novel payloads deployed in new OilRig APT campaign against Iraq
First seen on scmagazine.com Jump to article: www.scmagazine.com/brief/novel-payloads-deployed-in-new-oilrig-apt-campaign-against-iraq
-
Iran-linked hackers target Iraqi government in new campaign
First seen on therecord.media Jump to article: therecord.media/iran-linked-hackers-target-iraq-government
-
Threat Actors Using New Malware Toolkit That Involves IIS Backdoor, DNS Tunneling
The Iranian threat actor APT34, also known as GreenBug, has recently launched a new campaign targeting Iraqi government entities by employing a custom… First seen on gbhackers.com Jump to article: gbhackers.com/iis-backdoor-dns-tunneling/
-
Iranian Hackers Targeting Iraqi Government: Security Firm
Hackers believed to be operating on behalf of the Iranian government have deployed malware to Iraqi government networks. The post Iranian Hackers Tar… First seen on securityweek.com Jump to article: www.securityweek.com/iranian-hackers-targeting-iraqi-government-security-firm/
-
PyPI Packages Leak User Data to Telegram Bot, Iraqi Cybercriminals Suspected
Experts at Checkmarx have uncovered PyPI packages containing a malicious script in the __init__.py
-
Well-Established Cybercriminal Ecosystem Blooming in Iraq
A malicious Telegram bot is the key to a veritable flourishing garden of nefarious cybercriminal activity, which was discovered via a series of Python… First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/cybercriminal-ecosystem-flourishes-iraq
-
Iraqi Hackers Exploit PyPI to Infiltrate Systems Through Python Packages
First seen on hackread.com Jump to article: hackread.com/iraqi-hackers-exploit-pypi-infiltrate-system-python-packages/
-
Hacked Iraqi Voter Information Found For Sale Online
A 21.58 GB database of stolen personal voter data from Iraq’s Independent High Electoral Commission (IHEC) may have been the result of a supply chain … First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/hacked-iraqi-voter-information-found-for-sale-online
-
[News] PixSteal-A Trojan Steals Images, Uploads to Iraqi FTP Server
A new Trojan has been identified that has the capability of stealing images from infected computers, setting the stage for anything from identity thef… First seen on http: Jump to article: feedproxy.google.com/~r/SecurityTube/~3/GTBbnHchXs8/989
-
PixSteal-A Trojan Steals Images, Uploads to Iraqi FTP Server
A new Trojan has been identified that has the capability of stealing images from infected computers, setting the stage for anything from identity thef… First seen on http: Jump to article: threatpost.com/en_us/blogs/sample-security-agenda-obamas-second-term-110712

