Summary: Proofpoint has identified a sophisticated cyber campaign targeting organizations in the United Arab Emirates, attributed to the Iranian threat actor UNK_CraftyCamel. The campaign utilizes polyglot files and a backdoor named Sosano to exploit vulnerabilities in critical sectors such as aviation and transportation. This operation underscores the growing threat posed by Iranian-aligned adversaries in the geopolitical cyber landscape.
Affected: United Arab Emirates organizations in aviation, satellite communications, and critical transportation infrastructure
Keypoints:
- Campaign linked to Iranian threat actor UNK_CraftyCamel targeting UAE organizations.
- Uses polyglot files and a backdoor called Sosano, which has limited functionality.
- Attack methods indicate a focus on stealth and align with the tactics of known Iranian groups such as TA451 and TA455.
Source: https://www.securityweek.com/iranian-hackers-target-uae-firms-with-polyglot-files/