Iranian state-backed advanced persistent threat group OilRig, also known as APT34, has deployed two novel malware strains, Veaty and Spearal, against Iraqi government agencies and organizations in a new cyberespionage campaign, reports The Record, the news site of cybersecurity firm Recorded Future.
According to a report from Check Point, OilRig may have used social engineering to lure targets into opening malicious documents that trigger the deployment of both payloads, which rely on different command-and-control (C2) mechanisms. Veaty conducts its C2 communications through compromised email accounts, while Spearal uses a custom DNS protocol that disguises its data as ordinary DNS traffic, the Check Point researchers noted. "This campaign against Iraqi government infrastructure highlights the sustained and focused efforts of Iranian threat actors operating in the region," the researchers said. The campaign follows the group's targeting of several Israeli organizations in support of the Palestinian militant group Hamas.