Beautiful Virgin Islands

Monday, Sep 01, 2025

Undiscovered Iranian ‘Operation GhostShell’ state-sponsored cyberthreat: report

Undiscovered Iranian ‘Operation GhostShell’ state-sponsored cyberthreat: report

A state-sponsored cyber-espionage campaign has been targeting companies globally including those in the U.S., a new report says.

The cyberattacks were carried out by a newly discovered Iranian group dubbed MalKamak, cybersecurity firm Cybereason said in a new report.

The group has been operating "under the radar" since at least 2018, Cybereason said.

Anonymous computer hacker sitting in front of a virtual screen.


In July, Cybereason's investigative teams responded to Operation GhostShell, a "highly-targeted cyber espionage" campaign aiming to steal sensitive information from global aerospace and telecommunications companies mainly in the Middle East but also companies in the U.S., Europe and Russia.

During the investigation, Cybereason’s Nocturnus Team uncovered a previously undocumented Remote Access Trojan, or RAT, which was employed as the primary espionage tool.

A Trojan horse, or Trojan, is malicious code that appears legitimate but is designed to damage a computer network or steal sensitive data. A RAT typically allows the attacker to gain unauthorized remote access for covert surveillance.

"We witnessed the evolution of a malware that started very simple and over time turned into a sophisticated espionage tool," Assaf Dahan, senior director, head of threat research at Cybereason, told FOX Business.

"The RAT itself can conduct reconnaissance and collect information about the users and infected hosts," Dahan said.

The RAT evaded antivirus tools by using Dropbox as cover.

The Dropbox logo is seen in this illustration photo in 2017. The MalKamak threat group allegedly created Dropbox accounts for their command and control purposes.


"The MalKamak threat group … created Dropbox accounts and used them for their command-and-control purposes," according to Dahan.

"Essentially, they used Dropbox to carry out their operations right under the noses of security professionals. This is a clever way to hide in plain sight since Dropbox is a trusted brand -- and traffic to a legitimate site usually will not raise suspicions of certain security products and analysts," Dahan said.

The authors of the malware also implemented a kill function that instructs the malware to delete itself if they believe their operation might be jeopardized.

"It is very likely MalKamak exfiltrated [stole] hundreds of terabytes of data since launching their campaigns in 2018," Dahan said.

The Iranian group behind the attack is possibly connected to other Iranian state-sponsored actors.

"When we compared MalKamak to known Iranian groups, we did find some potentially interesting connections to other Iranian state-sponsored threat actors," Dahan said, adding, however, that this is still speculation and they need more time to make a definite connection.

Cyber security IT engineer working on protecting network against cyberattack from hackers on internet. Recently, an Iranian group called MalKamak has been carrying out cyberattacks.


But the aim is the same: the aerospace and telecommunications sectors are prime targets for Iran, Chris Morgan, senior cyber threat intelligence analyst at Digital Shadows, a San Francisco-based cybersecurity firm, told FOX Business.

"Obtaining sensitive information related to these sectors … could provide Iran with a strategic advantage, which was likely the overall goal of the GhostShell campaign," Morgan said.

Newsletter

Related Articles

Beautiful Virgin Islands
0:00
0:00
Close
Chinese and Indian Leaders Pursue Amity Amid Global Shifts
European Union Plans for Ukraine Deployment
ECB Warns Against Inflation Complacency
Concerns Over North Cyprus Casino Development
Shipping Companies Look Beyond Chinese Finance
Rural Exodus Fueling European Wildfires
China Hosts Major Security Meeting
Chinese Police Successfully Recover Family's Savings from Livestream Purchases
Germany Marks a Decade Since Migrant Wave with Divisions, Success Stories, and Political Shifts
Liverpool Defeat Arsenal 1–0 with Szoboszlai Free-Kick to Stay Top of Premier League
Prince Harry and King Charles to Meet in First Reunion After 20 Months
Chinese Stock Market Rally Fueled by Domestic Investors
Israeli Airstrike in Yemen Kills Houthi Prime Minister
Ukrainian Nationalist Politician Andriy Parubiy Assassinated in Lviv
Corporate America Cuts Middle Management as Bosses Take On Triple the Workload
Parents Sue OpenAI After Teen’s Death, Alleging ChatGPT Encouraged Suicide
Amazon Faces Lawsuit Over 'Buy' Label on Digital Streaming Content
Federal Reserve Independence Questioned Amid Trump’s Push to Reshape Central Bank
British Politics Faces Tumultuous Autumn After Summer of Rebellions and Rising Farage Momentum
US Appeals Court Rules Against Most Trump-Era Tariffs
UK Sought Broad Access to Apple Users’ Data, Court Filing Reveals
UK Bank Shares Dive Over Potential Tax on Sector
Germany’s Auto Industry Sheds 51,500 Jobs in First Half of 2025 Amid Deepening Crisis
Bruce Willis Relocated Due to Advanced Dementia
French and Korean Nuclear Majors Clash As EU Launches Foreign Subsidy Probe
EU Stands Firm on Digital Rules as Trump Warns of Retaliation
Getting Ready for the 3rd Time in Its History, Germany Approves Voluntary Military Service for Teenagers
Argentine President Javier Milei Evacuated After Stones Thrown During Campaign Event
Denmark Confronts U.S. Diplomat Over Covert Trump-Linked Influence in Greenland
Starmer Should Back Away from ECHR, Says Jack Straw
Trump Demands RICO Charges Against George Soros and Son for Funding Violent Protests
Taylor Swift Announces Engagement to NFL Star Travis Kelce
France May Need IMF Bailout, Warns Finance Minister
Chinese AI Chipmaker Cambricon Posts Record Profit as Beijing Pushes Pivot from Nvidia
After the Shock of Defeat, Iranians Yearn for Change
Ukraine Finally Allows Young Men Aged Eighteen to Twenty-Two to Leave the Country
The Porn Remains, Privacy Disappears: How Britain Broke the Internet in Ten Days
YouTube Altered Content by Artificial Intelligence – Without Permission
Welcome to The Definition of Insanity: Germany Edition
Just a reminder, this is Michael Jackson's daughter, Paris.
Spotify’s Strange Move: The Feature Nobody Asked For – Returns
Manhunt in Australia: Armed Anti-Government Suspect Kills Police Officers Sent to Arrest Him
China Launches World’s Most Powerful Neutrino Detector
How Beijing-Linked Networks Shape Elections in New York City
Ukrainian Refugee Iryna Zarutska Fled War To US, Stabbed To Death
Elon Musk Sues Apple and OpenAI Over Alleged App Store Monopoly
2 Australian Police Shot Dead In Encounter In Rural Victoria State
Vietnam Evacuates Hundreds of Thousands as Typhoon Kajiki Strikes; China’s Sanya Shuts Down
UK Government Delays Decision on China’s Proposed London Embassy Amid Concerns Over Redacted Plans
A 150-Year Tradition to Be Abolished? Uproar Over the Popular Central Park Attraction
×