Siamesekitten hacker group used modular malware for their attacks

July 5, 2022

A new threat campaign conducted by the Iran-based Siamesekitten hacking group is believed to rely on fake Adobe PDF documents and modular malware.

This group was first uncovered during its initial malicious campaigns against an Israeli entity in May last year. In addition, the Siamesekitten group is actively targeting several entities and organisations in Africa and the Middle East.

They are known for launching supply chain attacks, especially in countries with which Iran has disputes, such as Israel.

The threat group also built a large infrastructure that allowed it to impersonate a targeted company and its HR staff. In recent months, this kind of attack has made the group notable in the eyes of many cybersecurity researchers.


In its most recent activity, researchers found that the Siamesekitten group has been using a new modular malware that infects Windows systems.


The group has used this new modular malware to infect numerous users, since many organisations run the Windows OS.

Unfortunately, there is not much data about the uncovered malware. However, the researchers did learn how the threat actors paired a reverse shell with a spoofed Adobe PDF document.

The phoney PDF file is signed with a compromised Microsoft certificate so that it appears to be legitimately signed. Through this strategy, the threat actors have a high success rate in compromising their targets.
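The article does not say what the "PDF" actually is on disk, but a document cannot carry a Microsoft code-signing (Authenticode) certificate; that only makes sense for a Windows executable given a PDF-looking name. The following is an added triage example written for this page, not code from the article or from any researcher it cites. It assumes the common case of a PE executable with a `.pdf` in its filename, compares the name's claimed type with the file's real magic bytes, and reports whether a PE carries an embedded signature blob. The sample inputs (a tiny PDF header and a constructed PE32+ header) are fabricated for the demonstration; the script only detects that a signature is present, it does not validate it, which matters because, as the article notes, a compromised certificate still produces a "signed" file.

```python
"""Triage files that claim to be PDFs but are really Windows executables.

Added example for this article (not the campaign's code). Checks:
  1. does the content start with the PDF header or a PE header?
  2. if PE, is the Authenticode security directory non-empty (a signature blob
     is embedded)?  Presence only; validity/issuer trust are NOT verified.
"""
import struct
from pathlib import Path
from typing import Dict, Optional

PDF_MAGIC = b"%PDF-"
DOS_MAGIC = b"MZ"
PE_SIGNATURE = b"PE\x00\x00"
OPT_MAGIC_PE32 = 0x10B
OPT_MAGIC_PE32PLUS = 0x20B
DIR_ENTRY_SECURITY = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY (certificate table)


def pe_has_embedded_signature(data: bytes) -> Optional[bool]:
    """True/False if `data` is a PE whose certificate table is non-empty/empty;
    None if the bytes are not a parseable PE file."""
    if not data.startswith(DOS_MAGIC) or len(data) < 0x40:
        return None
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]        # e_lfanew
    if data[pe_off:pe_off + 4] != PE_SIGNATURE:
        return None
    opt_off = pe_off + 4 + 20                               # skip COFF file header
    if len(data) < opt_off + 2:
        return None
    magic = struct.unpack_from("<H", data, opt_off)[0]
    if magic == OPT_MAGIC_PE32:
        dirs_off = opt_off + 96                              # data directories (PE32)
    elif magic == OPT_MAGIC_PE32PLUS:
        dirs_off = opt_off + 112                             # data directories (PE32+)
    else:
        return None
    entry = dirs_off + 8 * DIR_ENTRY_SECURITY
    if len(data) < entry + 8:
        return False                                         # truncated: nothing to point at
    file_offset, size = struct.unpack_from("<II", data, entry)
    return file_offset != 0 and size != 0


def actual_type(data: bytes) -> str:
    """Classify by magic bytes, never by filename."""
    if data.startswith(PDF_MAGIC):
        return "pdf"
    if pe_has_embedded_signature(data) is not None:
        return "pe"
    return "unknown"


def triage(filename: str, data: bytes) -> Dict[str, object]:
    """Flag a file whose name claims PDF (including double extensions such as
    report.pdf.exe) but whose content is something else."""
    claims_pdf = "pdf" in [s.lower().lstrip(".") for s in Path(filename).suffixes]
    actual = actual_type(data)
    signed = pe_has_embedded_signature(data) if actual == "pe" else None
    verdict, reason = "ok", ""
    if claims_pdf and actual != "pdf":
        verdict = "suspicious"
        reason = f"name suggests PDF but content is {actual}"
        if signed:
            reason += "; embedded Authenticode blob present (validity not checked)"
    return {"file": filename, "claimed_pdf": claims_pdf, "actual": actual,
            "signed": signed, "verdict": verdict, "reason": reason}


def _fake_pe32plus(signed: bool) -> bytes:
    """Constructed minimal PE32+ header for the demo; not a runnable binary."""
    dos = bytearray(0x40)
    dos[0:2] = DOS_MAGIC
    struct.pack_into("<I", dos, 0x3C, 0x40)                  # e_lfanew -> PE header
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, 0x22)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, OPT_MAGIC_PE32PLUS)
    if signed:
        # Point the certificate table at a (non-existent) blob at offset 0x200.
        struct.pack_into("<II", opt, 112 + 8 * DIR_ENTRY_SECURITY, 0x200, 0x100)
    return bytes(dos) + PE_SIGNATURE + coff + bytes(opt)


# Constructed sample inputs (names and bytes are made up for this example).
SAMPLES = {
    "invoice.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n",
    "report.pdf.exe": _fake_pe32plus(signed=True),
    "tool.exe": _fake_pe32plus(signed=False),
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(triage(name, blob))
```

Running the block reports `invoice.pdf` and `tool.exe` as `ok` and `report.pdf.exe` as `suspicious` with a present signature blob. In a mail gateway or endpoint pipeline the same check belongs before any reliance on the signature itself: a file that lies about its type is suspect regardless of who signed it, and a valid-looking signature from a compromised certificate is exactly the case the article describes.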

Furthermore, the researchers noted that the attack method is identical to that of the botnet attacks against Iranians a few months ago.

The newly discovered Siamesekitten group is another malicious entity to come out of Iran, and it is believed to be building further subgroups to expand its attack scope in the future.

Additionally, this cybercriminal group relies heavily on phishing emails to launch attacks. Therefore, organisations should employ the most competent email filtering systems and train their employees to spot such malicious emails.
