Source |
Malwarebytes Labs |
Identifier |
4594055 |
Publication date |
2022-05-10 20:49:30 (viewed: 2022-05-13 21:53:36) |
Title |
APT34 targets Jordan Government using new Saitama backdoor |
Text |
A deep dive into a sophisticated attack that used the Saitama backdoor.
|
Sent |
Yes |
Digest |
apt34 attack backdoor deep dive government jordan new saitama sophisticated targets used using |
Tags |
|
Stories |
APT 34
|
Notes |
|
Move |
|
Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2022-06-13 15:00:45 |
(Déjà vu) Translating Saitama's DNS tunneling messages, (Mon, Jun 13th) (direct link) |
Saitama is a backdoor that uses the DNS protocol to encapsulate its command and control (C2) messages, a technique known as DNS tunneling (MITRE ATT&CK T1071). Spotted and documented by Malwarebytes in two articles posted last month (How the Saitama backdoor uses DNS tunneling and APT34 targets Jordan Government using new Saitama backdoor), Saitama was used in a phishing e-mail targeted at a government official from Jordan's foreign ministry in an attack attributed to the Iranian group APT34.
|
|
APT 34
|
|