Iranian hackers attack aerospace and telecom companies

The criminals used ShellClient spyware during the campaign.

Cybersecurity experts from Cybereason Nocturnus have reported a malicious cyber-espionage campaign that has been running since at least 2018. The criminals used ShellClient, a Remote Access Trojan (RAT) malware, during the campaign.

Researchers have linked ShellClient to a cybercriminal group dubbed MalKamak, which used the malware to conduct intelligence operations and steal sensitive data from targets in the Middle East, the United States, Russia and Europe.

The ShellClient RAT came to the attention of cybersecurity experts in July during the analysis of a cyber-espionage operation called Operation GhostShell. According to the experts, the malware runs on infected devices under the guise of the legitimate RuntimeBroker.exe process, which helps manage permissions for applications from the Microsoft Store. The ShellClient variant used in Operation GhostShell has a compile date of May 22, 2021 and is version 4.0.1.

The researchers found that the modification of the malware began at least in November 2018 “from a simple self-contained
