
Iran-aligned BladedFeline spies on Iraqi and Kurdish officials, ESET Research discovers
The Iran-aligned threat group BladedFeline has targeted Kurdish and Iraqi government officials in a recent cyber-espionage campaign, according to ESET researchers. The group deployed a range of malicious tools discovered within the compromised systems, indicating a continued effort to maintain and expand access to high-ranking officials and government organizations in Iraq and the Kurdish region. The latest campaign highlights BladedFeline's evolving capabilities, featuring two tunneling tools (Laret and Pinar), various supplementary tools, and, most notably, a custom backdoor, Whisper, and a malicious Internet Information Services (IIS) module, PrimeCache, both identified and named by ESET.
Whisper logs into a compromised webmail account on a Microsoft Exchange server and uses it to communicate with the attackers via email attachments. PrimeCache, a malicious IIS module, also serves as a backdoor, and it bears similarities to the RDAT backdoor used by the OilRig Advanced Persistent Threat (APT) group.
Based on these code similarities, as well as on further evidence presented in this blogpost, ESET assesses that BladedFeline is a very likely subgroup of OilRig, an Iran-aligned APT group going after governments and businesses in the Middle East. The initial implants in the latest campaign can be traced back to OilRig. These tools reflect the group's strategic focus on persistence and stealth within targeted networks.
BladedFeline has worked consistently to maintain illicit access to Kurdish diplomatic officials, while simultaneously exploiting a regional telecommunications provider in Uzbekistan, and developing and maintaining access to officials in the government of Iraq.
ESET Research assesses that BladedFeline is targeting the Kurdish and Iraqi governments for cyberespionage purposes, with an eye toward maintaining strategic access to the computers of high-ranking officials in both governmental entities. The Kurdish diplomatic relationship with Western nations, coupled with the oil reserves in the Kurdistan region, makes it an enticing target for Iran-aligned threat actors to spy on and potentially manipulate. In Iraq, these threat actors are most probably trying to counter the influence of Western governments following the US invasion and occupation of the country.
In 2023, ESET Research discovered that BladedFeline targeted Kurdish diplomatic officials with the Shahmaran backdoor, and previously reported on its activities in ESET APT Activity reports. The group has been active since at least 2017, when it compromised officials within the Kurdistan Regional Government, but is not the only subgroup of OilRig that ESET Research is monitoring. ESET has been tracking Lyceum, also known as HEXANE or Storm-0133, as another OilRig subgroup. Lyceum focuses on targeting various Israeli organizations, including governmental and local governmental entities and organizations in healthcare.
ESET expects that BladedFeline will persist with implant development in order to maintain and expand access within its compromised victim set for cyberespionage.
For a more detailed analysis and technical breakdown of BladedFeline's tools used in Operation RoundPress, check out the latest ESET Research blogpost 'Whispering in the dark' on WeLiveSecurity.com. Make sure to follow ESET Research on Twitter (today known as X), BlueSky, and Mastodon for the latest news from ESET Research.
About ESET
ESET® provides cutting-edge digital security to prevent attacks before they happen. By combining the power of AI and human expertise, ESET stays ahead of emerging global cyberthreats, both known and unknown, securing businesses, critical infrastructure, and individuals. Whether it's endpoint, cloud or mobile protection, our AI-native, cloud-first solutions and services remain highly effective and easy to use. ESET technology includes robust detection and response, ultra-secure encryption, and multifactor authentication. With 24/7 real-time defense and strong local support, we keep users safe and businesses running without interruption. The ever-evolving digital landscape demands a progressive approach to security: ESET is committed to world-class research and powerful threat intelligence, backed by R&D centers and a strong global partner network.
