Researchers discover a new Iranian malware that has been exploited in several cyberattacks

Continue reading
A cyberattack campaign has been recently launched by an Iranian hacker against a Lebanese target with the help of a backdoor capable of extracting personal details maliciously from breached systems. Checkpoint, a cybersecurity organization, attributed the operation to APT34 (aka OilRig) while indicating similarities with old tricks and techniques that are exploited by the hacker as well as based on its pattern of victimology. APT34 is famous for launching reconnaissance campaigns that are aligned with the strategic interests of Iran. APT34 majorly hits financial, government, chemical, energy, and telecommunications industries in the countries of the Middle East.

Individuals are targeted via the use of booby-trapped job advertisement documents delivered to the victims through LinkedIn messages. This latest campaign by this group is no different; however, the method of delivery is still not known. Information and relevant details regarding various positions at a U.S.-based consulting firm called Ntiva IT have been shared by a word document analyzed by Check Point, which was uploaded to VirusTotal. This triggered the infection chain upon activating the rogue macros that are embedded, and finally, this resulted in the deployment of a backdoor called “SideTwist.”
The use of this latest backdoor hints at the group’s current efforts to overhaul and then update their payload arsenal during the time of 2019 leak of the hacking tools, informed CheckPoint. This also doxxed many Iranian Ministry of Intelligence officers who were associated with the APT34 operations.

"Iran backed APT34 shows no sign of slowing down, further pushing its political agenda in the middle-east, with an ongoing focus on Lebanon — using offensive cyber operations," the researchers stated.
"While maintaining its modus operandi and reusing old techniques, the group continues to create new and updated tools to minimize the possible detection of their tools by security vendors."

55+ football scam campaigns exploit FIFA World Cup 2026 hype on Meta platforms, pushing fake merchandise, phishing, and IPTV fraud.