Iranian Group Tortoiseshell Launches New Wave of IMAPLoader Malware Attacks
Oct 26, 2023
Cyber Threat / Malware
The Iranian threat actor known as Tortoiseshell has been attributed to a new wave of watering hole attacks that are designed to deploy a malware dubbed IMAPLoader. "IMAPLoader is a .NET malware that has the ability to fingerprint victim systems using native Windows utilities and acts as a downloader for further payloads," the PwC Threat Intelligence team said in a Wednesday analysis. "It uses email as a [command-and-control] channel and is able to execute payloads extracted from email attachments and is executed via new service deployments." Active since at least 2018, Tortoiseshell has a history of using strategic website compromises as a ploy to facilitate the distribution of malware. Earlier this May, ClearSky linked the group to the breach of eight websites associated with shipping, logistics, and financial services companies in Israel. The threat actor is aligned with the Islamic Revolutionary Guard Corps ( IRGC ) and is also tr...
