Beautiful Virgin Islands

Sunday, Sep 21, 2025

Undiscovered Iranian ‘Operation GhostShell’ state-sponsored cyberthreat: report

A state-sponsored cyber-espionage campaign has been targeting companies globally, including those in the U.S., a new report says.

The cyberattacks were carried out by a newly discovered Iranian group dubbed MalKamak, cybersecurity firm Cybereason said in a new report.

The group has been operating "under the radar" since at least 2018, Cybereason said.


In July, Cybereason's investigative teams responded to Operation GhostShell, a "highly-targeted cyber espionage" campaign aiming to steal sensitive information from global aerospace and telecommunications companies mainly in the Middle East but also companies in the U.S., Europe and Russia.

During the investigation, Cybereason’s Nocturnus Team uncovered a previously undocumented Remote Access Trojan, or RAT, which was employed as the primary espionage tool.

A Trojan horse, or Trojan, is malicious code that appears legitimate but is designed to damage a computer network or steal sensitive data. A RAT typically allows the attacker to gain unauthorized remote access for covert surveillance.

"We witnessed the evolution of a malware that started very simple and over time turned into a sophisticated espionage tool," Assaf Dahan, senior director, head of threat research at Cybereason, told FOX Business.

"The RAT itself can conduct reconnaissance and collect information about the users and infected hosts," Dahan said.

The RAT evaded antivirus tools by using Dropbox as cover.


"The MalKamak threat group … created Dropbox accounts and used them for their command-and-control purposes," according to Dahan.

"Essentially, they used Dropbox to carry out their operations right under the noses of security professionals. This is a clever way to hide in plain sight since Dropbox is a trusted brand -- and traffic to a legitimate site usually will not raise suspicions of certain security products and analysts," Dahan said.

The authors of the malware also implemented a kill function that instructs the malware to delete itself if they believe their operation might be jeopardized.

"It is very likely MalKamak exfiltrated [stole] hundreds of terabytes of data since launching their campaigns in 2018," Dahan said.

The Iranian group behind the attack is possibly connected to other Iranian state-sponsored actors.

"When we compared MalKamak to known Iranian groups, we did find some potentially interesting connections to other Iranian state-sponsored threat actors," Dahan said, adding, however, that this is still speculation and they need more time to make a definite connection.


But the aim is the same: the aerospace and telecommunications sectors are prime targets for Iran, Chris Morgan, senior cyber threat intelligence analyst at Digital Shadows, a San Francisco-based cybersecurity firm, told FOX Business.

"Obtaining sensitive information related to these sectors … could provide Iran with a strategic advantage, which was likely the overall goal of the GhostShell campaign," Morgan said.
