Bitdefender researchers recently investigated the decade-old Foudre (French for “lightning”) APT that now uses a new component named “Tonnerre” (French for “thunder”). First investigated in May 2016, the Foudre malware is allegedly of Iranian origin and traditionally targets both government and the private sector.
The investigation started from a sample submitted for analysis to our researchers by Argos, the investigative program of HUMAN/VPRO. Once unpacked, the archive contained both a document and a binary, each of which installs a backdoor on the compromised machine. Since the backdoor is built to run on both x86 and x64 Windows machines, the threat actors were likely betting that victims would download and open the archive regardless of their system architecture.