UNC1549, an Iran-nexus threat actor, has been attributed with medium confidence to cyber attacks in the Middle East, including Israel and the U.A.E., targeting the defense, aerospace, and aviation industries. Other possible targets include India, Turkey, and Albania.
UNC1549 is suspected to have been operating from June 2022 to February 2024. The attacks use spear-phishing emails with links to fake websites. These websites carry content relating to Israel and Hamas and deliver a “malicious payload” to the victim’s device. Using Microsoft Azure cloud infrastructure for command and control, the threat actor deploys two backdoors (MINIBIKE and MINIBUS). The backdoors establish command-and-control access for intelligence collection and give the threat actor deeper access into the network. According to Mandiant, the intelligence collected so far holds strategic importance to Iranian interests and could be leveraged for espionage or even a kinetic operation. CrowdStrike’s 2024 Global Threat Report details how “faketivists” linked to Iranian state-nexus adversaries have targeted a myriad of sectors, concentrating on Israeli aerial projectile warning systems and critical infrastructure.
Read more:
https://thehackernews.com/2024/02/iran-linked-unc1549-hackers-target.html