Iranian Hackers Go Job Hunting on LinkedIn: Subtle Snail’s Espionage Escapades Target Telecom Giants
Iranian cyber group UNC1549, also known as Subtle Snail, has been targeting European telecom companies through fake LinkedIn recruitment schemes. By posing as HR recruiters, the operators build trust with targeted employees before deploying a variant of the MINIBIKE backdoor and exfiltrating sensitive data. Because the backdoor's command-and-control traffic rides on legitimate cloud services, it blends in with normal traffic, making detection as slippery as, well, a snail.

Hot Take:
Iranian cyber spies are back at it, and this time they’re infiltrating telecom companies under the guise of friendly HR reps. Who needs LinkedIn endorsements when you can just hack into the entire network? UNC1549, also known as Subtle Snail, is proving that slow and steady wins the espionage race, even if it involves a bit of snail-paced deception. Move over, corporate recruiters—there’s a new LinkedIn influencer in town, and they’re bringing malware to the party!
Key Points:
– UNC1549, linked to Iran's IRGC, is targeting telecommunications companies in Europe and beyond by posing as HR recruiters on LinkedIn.
– The campaign compromised 34 devices across 11 organizations, including organizations in Canada, France, the UAE, the UK and the US.
– The group deploys a variant of the MINIBIKE backdoor whose command-and-control traffic is routed through Azure cloud services, so it blends in with legitimate cloud traffic and is harder to detect.
– The intrusion chain starts with spear-phishing built around fake job offers, leads to the target downloading the malware, and ends in data exfiltration.
– MuddyWater, a separate Iranian group, is diversifying its toolkit with bespoke backdoors, shifting away from the remote monitoring and management (RMM) tools it has traditionally relied on.