Iranian-Backed APT34 Tries to Compromise Company Linked to U.S. Government

Silviu STAHIE

February 04, 2020

Security researchers say they have uncovered a phishing campaign, likely organized by the Iran-backed APT34 group, that sought to infect Westat employees with malware.

U.S. companies and institutions are the usual targets of APT34, and the group is constantly looking to compromise prominent organizations, usually through phishing campaigns. In this case, Westat was the intended target because the company conducts research for agencies of the U.S. government, as well as for businesses, foundations, and state and local governments.

The phishing campaign didn’t follow a shotgun approach; it was aimed directly at Westat employees. The phishing emails carried a ‘survey.xls’ attachment whose payload relied on macros, which would run automatically only if macros were enabled by default. Even with that setting OFF, users would still be prompted to allow macros in order to view the file. Once the file was opened, a new version of the TONEDEAF malware was deployed.

“Westat understands that in their effort to identify threats and malware, Intezer has identified a malicious file that uses the Westat name and logo,” explained the company. “This file was not created by, hosted by, or sent from Westat, and is likely the result of a bad actor stealing the Westat brand name and logo.”

“Our cybersecurity team is working with Intezer and others to fully understand the nature of this report. We will continue to monitor the situation and respond accordingly.”

From what the security researchers found, the goal of the campaign was to deliver TONEDEAF, a backdoor that lets operators at a command-and-control server collect data, run commands and even upload files, and to deploy the VALUEVAULT malware, a browser credential-harvesting tool.

The APT34 efforts were thwarted, for now, but the group is likely pursuing numerous avenues at the same time to increase its chances of success.
