Crafty Camel Caper: Iranian Phishing Plot Targets UAE Aviation with Sneaky Sosano Backdoor
Threat hunters have uncovered an Iranian-aligned campaign targeting fewer than five U.A.E. entities with a Golang backdoor called Sosano. Using a compromised email account at an Indian electronics company, the attackers delivered convincing phishing emails. The campaign shows the elaborate techniques state-aligned actors employ to breach the aviation and satellite communications sectors. Enter the world of “UNK_CraftyCamel.”

Hot Take:
When it comes to phishing, it seems like the skies are not the limit but the target! With an attack this crafty, perhaps the culprits should be rebranded as “The Unbearably Sneaky Sosano Squadron.” Move over, Ocean’s Eleven, we’ve got a new heist in town, and it’s all about emails and Excel files with a double dose of deception!
Key Points:
- Highly-targeted phishing campaign in the U.A.E. focused on aviation and satellite communications sectors.
- Attackers used a compromised email account from INDIC Electronics to send deceptive phishing messages.
- The phishing emails contained URLs pointing to a fake domain that hosted a ZIP archive; inside were a double-extension file disguised as an XLS spreadsheet and polyglot PDF files that also parse as a second format.
- Proofpoint suspects that the attack is linked to an Iranian-aligned group, possibly associated with the IRGC.
- The Sosano backdoor, written in Golang, provides basic directory and file manipulation and can execute further commands sent by its operators.
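The two lure tricks listed above (a double-extension member masquerading as a spreadsheet, and PDFs that are also valid as another format) are cheap to triage before anything is opened. The following is an added example written for this page, not Proofpoint's tooling or anything recovered from the campaign: the sample archive is constructed inline, the extension lists are assumptions about what an analyst would flag, and the polyglot markers it looks for (an embedded ZIP local-file header, HTML/HTA tags, a PDF header that is not at offset 0) are generic heuristics, not details taken from the report.

```python
"""Triage a ZIP lure for double-extension members and PDF polyglots.

Example code added to this page; the archive below is constructed, not a
real sample, and the marker lists are assumptions.
"""
import io
import re
import zipfile

# Extensions Windows executes on double-click; "report.xls.lnk" displays as
# "report.xls" when known extensions are hidden. (Assumed list.)
EXECUTABLE_EXTS = {"lnk", "exe", "scr", "hta", "js", "vbs", "bat", "cmd"}
# Document extensions an attacker pairs them with. (Assumed list.)
DOCUMENT_EXTS = {"xls", "xlsx", "doc", "docx", "pdf", "txt"}


def is_double_extension(name: str) -> bool:
    """True when the member name looks like document.<doc-ext>.<exec-ext>."""
    parts = name.rsplit("/", 1)[-1].lower().split(".")
    if len(parts) < 3:
        return False
    return parts[-2] in DOCUMENT_EXTS and parts[-1] in EXECUTABLE_EXTS


def pdf_polyglot_markers(data: bytes) -> list[str]:
    """Return the non-PDF formats a PDF-looking blob also satisfies."""
    findings = []
    if b"%PDF-" not in data[:1024]:
        return findings  # not a PDF at all; nothing to say here
    # PDF readers tolerate junk before the header, which is exactly the room
    # a polyglot needs for another format's magic bytes.
    if not data.startswith(b"%PDF-"):
        findings.append("pdf-header-offset")
    if b"PK\x03\x04" in data:  # ZIP local-file header somewhere in the file
        findings.append("zip")
    if re.search(rb"<\s*(html|script|hta:application)\b", data, re.I):
        findings.append("html/hta")
    return findings


def triage_zip(blob: bytes) -> dict[str, list[str]]:
    """Map each suspicious member name to the reasons it was flagged."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            reasons = []
            if is_double_extension(info.filename):
                reasons.append("double-extension")
            data = zf.read(info)
            if info.filename.lower().endswith(".pdf") or b"%PDF-" in data[:1024]:
                reasons += pdf_polyglot_markers(data)
            if reasons:
                report[info.filename] = reasons
    return report


def build_sample_zip() -> bytes:
    """Constructed lure archive (placeholder bytes, no real malware): one
    double-extension shortcut, two PDF polyglots and a benign decoy."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("payload.bin", b"placeholder")
    pdf_zip = b"%PDF-1.4\n%dummy\n" + inner.getvalue()        # PDF that is also a ZIP
    pdf_hta = b"<html><hta:application></html>\n%PDF-1.4\n"   # HTA first, PDF header later
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as z:
        z.writestr("invoice.xls.lnk", b"L\x00\x00\x00" + b"\x00" * 60)
        z.writestr("brochure.pdf", pdf_zip)
        z.writestr("terms.pdf", pdf_hta)
        z.writestr("readme.txt", b"nothing to see")
    return out.getvalue()


if __name__ == "__main__":
    for name, why in triage_zip(build_sample_zip()).items():
        print(f"{name}: {', '.join(why)}")
```

Run against the constructed archive, the shortcut is flagged for its double extension, one PDF for carrying a ZIP, and the other for an HTML/HTA body ahead of a displaced PDF header; the decoy text file is not reported. The checks are deliberately signature-free so they also catch variants that swap the inner format.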