An Iran-linked APT group which previously targeted organizations in Saudi Arabia has now
set its sights on Turkey. The threat actor has been distributing malware via MS Office documents with
The threat actor has typically targeted a set of domestic and private sector targets in Turkey.

On 4th February 2016, TRAPMINE researchers encountered a set of cyber espionage
attacks which targeted various institutions.

The malware used in the attack relies on phishing as its attack vector. The attack targets
some media workers at international media companies. The malware has some advanced
features in the system spread such as audio surveillance, keylogging, file transfer, webcam

On June 30, ZDI published several vulnerabilities affecting IBM Tivoli Storage Manager, which is a
popular storage product. We decided to rediscover and trigger this vulnerability with the
help of the advisory.

TRAPMINE has discovered an ongoing series of targeted attacks against some government
institutions. Most of the government institutions targeted by the attackers are located in Kazakhstan,
Mongolia, Vietnam and Russia. After a quick analysis of the exploits and malware used in the campaign, we
have identified that it's the same group behind the Lurid / Enfal APT attacks.