The focus was on Iranian APTs this week, with both private threat intelligence teams and CISA exposing new operations from UNC757 and other groups targeting government, higher education, and private industry. We also check in on a new report from Google's Threat Analysis Group on APTs reusing the same zero-day exploits that were originally developed by the commercial surveillance vendors NSO Group and Intellexa.
The backdoor is being used for intelligence gathering campaigns against U.S. organizations in the government, communications equipment, oil and gas and satellite sectors.
CISA and the FBI are warning of activity by the Iran-based UNC757 group, which includes the targeting of known Check Point and Palo Alto Networks vulnerabilities.
A new phishing campaign by a subset of the Iranian threat group Mint Sandstorm is targeting universities and research organizations with custom backdoors.
An Iran state-backed group called Peach Sandstorm is using password spraying attacks to target cloud environments in organizations across many industries.