A new Iranian threat actor, Leafminer, has been identified and appears to have been active since early 2017. The group has been targeting organizations throughout the Middle East in both the government and private sectors. At this time there have been no indications that Leafminer is tied to the Iranian government. The group’s list of targets spans multiple industries, including the energy sector, shipping, air travel, telecom, security, construction, and food. The group’s goals are currently unknown; however, it appears to be focusing on information collection. The group was discovered after one of its servers was left exposed, allowing for significant insight into its operations.