BladedFeline has since deployed the more sophisticated Whisper and PrimeCache tools.
Iraqi and Kurdish government officials have been targeted by the suspected Iranian cyberespionage operation BladedFeline since 2017.
According to The Record, initial compromise of Kurdistan Regional Government systems is believed to have been achieved through vulnerability exploitation, which has allowed BladedFeline to bolster its attack arsenal.
According to an analysis from ESET, after being discovered to have launched the rudimentary Shahmaran backdoor against Kurdish diplomats two years ago, BladedFeline has since deployed the more sophisticated Whisper and PrimeCache tools, with the former allowing email attachment-based communications and the latter resembling OilRig's RDAT backdoor.
"The KRG's diplomatic relationship with Western nations, coupled with the oil reserves in the Kurdistan region, makes it an enticing target for Iran-aligned threat actors to spy on and potentially manipulate," said ESET researchers.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.