Iranian APT is targeting Middle Eastern Aerospace and Telecommunications companies
ShellClient is a previously undocumented Remote Access Trojan (RAT) used in highly targeted attacks against a small number of aerospace and telecommunications firms, primarily in the Middle East, with further victims in the United States, Russia, and Europe. The attacks are attributed to a newly identified Iranian activity group tracked as MalKamak, which has been active since at least 2018 but had not been publicly reported until now. ShellClient follows the wider trend of abusing cloud storage services for command and control (C2), in this case Dropbox. Its developers abandoned the malware's earlier C2 domain and replaced the C2 mechanism with a simpler Dropbox-based channel that is used both to exfiltrate stolen data and to deliver commands to the implant. Because Dropbox traffic is common in most enterprises and is carried over TLS, this choice lets the C2 traffic blend in with legitimate activity, so detection has to rest on which process is talking to Dropbox and how regularly, not on the destination alone.
The techniques used by ShellClient map to the following MITRE ATT&CK techniques:
T1049 – System Network Connections Discovery
T1566 – Phishing
T1102 – Web Service
T1036 – Masquerading
T1003 – OS Credential Dumping
T1040 – Network Sniffing
T1543 – Create or Modify System Process
T1127 – Trusted Developer Utilities Proxy Execution
T1560 – Archive Collected Data
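The Dropbox-based C2 channel above (T1102, Web Service) cannot be blocked on destination alone where Dropbox is sanctioned, so the practical hunt is for an unexpected client process reaching the Dropbox API with machine-like regularity and a large outbound volume. The following is an added example, written for this page and not code from Hive Pro, Cybereason, or the ShellClient report. The proxy log format, the field names, the host names, the expected-client list, the 20 % coefficient-of-variation threshold, and the sample log lines are all constructed assumptions; adapt the parser and thresholds to your own proxy schema.

```python
"""Hunt for Dropbox-API beaconing in web proxy logs.

Added example, not code from the page or from the ShellClient report.
The log format, field names, thresholds and sample entries below are
constructed for illustration; adapt the parser to your proxy's schema.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Dropbox API hosts used by legitimate sync clients. A RAT that abuses
# Dropbox for C2 (ATT&CK T1102) talks to the same hosts, so the host
# alone is not suspicious; the client process and cadence are.
DROPBOX_API_HOSTS = {"api.dropboxapi.com", "content.dropboxapi.com"}

# Processes expected to talk to Dropbox in this (assumed) environment.
EXPECTED_CLIENTS = {"dropbox.exe", "chrome.exe", "msedge.exe", "firefox.exe"}

# Constructed sample log: "timestamp src_host process dest_host bytes_out".
# WS02 shows a non-browser process polling every ~5 minutes and then
# pushing ~2 MB to the content endpoint; WS01 and WS03 are benign noise.
SAMPLE_LOG = """\
2021-09-20T09:00:00 WS01 dropbox.exe content.dropboxapi.com 5120
2021-09-20T09:00:05 WS02 svchost.exe api.dropboxapi.com 812
2021-09-20T09:03:12 WS01 dropbox.exe content.dropboxapi.com 10240
2021-09-20T09:05:05 WS02 svchost.exe api.dropboxapi.com 815
2021-09-20T09:10:06 WS02 svchost.exe api.dropboxapi.com 810
2021-09-20T09:15:05 WS02 svchost.exe api.dropboxapi.com 813
2021-09-20T09:20:04 WS02 svchost.exe content.dropboxapi.com 2048000
2021-09-20T09:37:48 WS03 chrome.exe api.dropboxapi.com 640
"""


def parse_log(text):
    """Parse the constructed space-separated format into event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, proc, dst, nbytes = line.split()
        events.append({
            "ts": datetime.fromisoformat(ts),
            "src": src,
            "proc": proc.lower(),
            "dst": dst.lower(),
            "bytes": int(nbytes),
        })
    return events


def beacon_score(timestamps):
    """Return (mean gap in seconds, coefficient of variation of the gaps).

    Needs at least three events (two gaps); returns None otherwise.
    A low coefficient of variation means a fixed-interval poll loop.
    """
    if len(timestamps) < 3:
        return None
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    m = mean(gaps)
    return m, (pstdev(gaps) / m if m else 0.0)


def hunt_dropbox_c2(events, max_cv=0.2, upload_threshold=1_000_000):
    """Flag (host, process) pairs that reach Dropbox API hosts suspiciously.

    A pair is reported if any of: the process is not an expected Dropbox
    client, its request cadence is regular (CV <= max_cv), or it uploaded
    more than upload_threshold bytes in total. Thresholds are assumptions.
    """
    by_pair = defaultdict(list)
    for e in events:
        if e["dst"] in DROPBOX_API_HOSTS:
            by_pair[(e["src"], e["proc"])].append(e)

    findings = []
    for (src, proc), evs in by_pair.items():
        reasons = []
        if proc not in EXPECTED_CLIENTS:
            reasons.append("unexpected client process")
        score = beacon_score([e["ts"] for e in evs])
        if score and score[1] <= max_cv:
            reasons.append(f"regular beacon, mean gap {score[0]:.0f}s")
        upload = sum(e["bytes"] for e in evs)
        if upload >= upload_threshold:
            reasons.append(f"{upload} bytes uploaded")
        if reasons:
            findings.append({"host": src, "process": proc,
                             "events": len(evs), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in hunt_dropbox_c2(parse_log(SAMPLE_LOG)):
        print(f"{f['host']} {f['process']} ({f['events']} events): "
              + "; ".join(f["reasons"]))
```

On the constructed sample only WS02 is reported, on all three grounds: `svchost.exe` is not an expected Dropbox client, its four polling gaps are 299 to 301 seconds apart, and it pushed about 2 MB to the content endpoint. Real proxy logs rarely carry the originating process name; where they do not, join on EDR or Sysmon network-connection events keyed by host and time, and treat the cadence and volume checks as the primary signal.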