Iranian APT targets defense contractors in social engineering campaign

 


Community Feature - @ChicagoCyber

A Curated Intelligence APT hunter, ChicagoCyber, recently helped uncover a sophisticated espionage campaign linked to an Iranian state-aligned threat actor. The APT, dubbed TA456 (also known as Tortoiseshell or Imperial Kitten), reportedly spent years masquerading as the persona “Marcella Flores” in an attempt to infect the machine of an employee of an aerospace defense contractor with its LEMPO malware.

https://twitter.com/ChicagoCyber/status/1420323987352080386

The targeting of defense contractors is not new for Iranian state-aligned APT groups, but this campaign highlights that TA456 is one of the most determined actors of its type tracked by Proofpoint. Its significant use of social engineering, cross-platform communication, and general persistence make it an adversary highly worth tracking for organisations in this sector. (source)


Curated Intel Community Features are sourced using our Member Content channel on Discord. If you have recently produced a noteworthy piece of writing, a project, a podcast, an infographic or other CTI content, let us know!