Iranian Hackers Using New Marlin Backdoor in 'Out to Sea' Espionage Campaign
Feb 09, 2022
An advanced persistent threat (APT) group with ties to Iran has refreshed its malware toolset to include a new backdoor dubbed Marlin as part of a long-running espionage campaign that started in April 2018. Slovak cybersecurity company ESET attributed the attacks — codenamed "Out to Sea" — to a threat actor called OilRig (aka APT34), while also conclusively connecting its activities to a second Iranian group tracked under the name Lyceum (Hexane aka SiameseKitten ). "Victims of the campaign include diplomatic organizations, technology companies, and medical organizations in Israel, Tunisia, and the United Arab Emirates," ESET noted in its T3 2021 Threat Report shared with The Hacker News. Active since at least 2014, the hacking group is known to strike Middle Eastern governments and a variety of business verticals, including chemical, energy, financial, and telecommunications. In April 2021, the actor targeted a Lebanese e...
