Iranian APT Behind ForeLord Malware - Binary Defense

Threat Watch


Iran: A new malware dubbed ForeLord was found targeting government officials and corporations from mid-2019 to January 2020. The malware was distributed through emails and targeted corporations in Turkey, Jordan, and Iraq. Government officials in Georgia and Azerbaijan were targeted by the same means. The malware was attributed to Cobalt Ulster, also known as Static Kitten, an Iranian APT. The attribution was based on code similarities and on a comparison of the macros in the new malware with ones documented in open-source research.

ANALYST NOTES

Iran commonly develops its malware for cyber-espionage campaigns. This campaign lasted some time before becoming public knowledge, most likely giving the threat actor many opportunities to steal the credentials of their victims. Credential-stealing malware is very common. Not reusing passwords across accounts helps against credential-stealing malware: if one account is compromised, the compromise will not spread to other accounts, which minimizes the size of the attack. More information on the malware can be found here: https://threatpost.com/iranian-apt-targets-govs-with-new-malware/153162/
