Iranian state-sponsored hacking group APT42, linked to the Islamic Revolutionary Guard Corps, is conducting an elaborate espionage campaign targeting senior defense and government officials. The hackers spend weeks building relationships with victims through social media before sending fake conference invitations that either steal credentials or install TameCat malware.
The sophisticated PowerShell backdoor communicates through Telegram and Discord, allowing hackers to remotely execute commands and steal sensitive data. APT42 even targets victims' family members to increase pressure and expand their attack surface. Israel's National Digital Agency warns the campaign uses legitimate cloud services mixed with attacker infrastructure to maintain long-term access to high-value targets.
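The detail that matters most to defenders here is the command-and-control channel: a PowerShell process that talks to Telegram or Discord blends into traffic that a proxy will usually allow. The script below is an added illustration, not code from the Security Week report or from any vendor advisory, of how to surface that pattern in endpoint network-connection telemetry. It uses constructed, simplified log lines modelled on Sysmon Event ID 3 records (not real telemetry), and the domains it watches for (api.telegram.org, discord.com, discordapp.com) are assumptions about where Telegram bot API and Discord API traffic would go; tune them to your environment.

```python
"""
Added detection example (not from the article): flag script hosts such as
powershell.exe that open network connections to Telegram or Discord API
endpoints, the kind of C2 channel the TameCat backdoor is reported to use.
"""
import re
from collections import defaultdict

# Constructed sample events in a simplified key=value form (not real telemetry).
SAMPLE_EVENTS = [
    'ts=2024-05-01T09:12:03Z host=WS01 image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe user=CORP\\jdoe dest=api.telegram.org dport=443',
    'ts=2024-05-01T09:12:05Z host=WS01 image="C:\\Program Files\\Mozilla Firefox\\firefox.exe" user=CORP\\jdoe dest=discord.com dport=443',
    'ts=2024-05-01T09:13:10Z host=WS01 image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe user=CORP\\jdoe dest=discord.com dport=443',
    'ts=2024-05-01T09:14:00Z host=WS02 image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe user=CORP\\asmith dest=update.microsoft.com dport=443',
    'ts=2024-05-01T09:15:30Z host=WS02 image=C:\\Windows\\System32\\cmd.exe user=CORP\\asmith dest=api.telegram.org dport=443',
]

# Script hosts that rarely have a legitimate reason to call chat-platform APIs
# from a workstation. Browsers and the official Discord client are excluded.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "cmd.exe"}

# Assumed rendezvous domains for the Telegram bot API and Discord API/webhooks.
CHAT_API_DOMAINS = {"api.telegram.org", "discord.com", "discordapp.com"}

# key=value pairs; values may be quoted when they contain spaces (e.g. paths).
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_event(line):
    """Parse one key=value log line into a dict, stripping surrounding quotes."""
    return {k: v.strip('"') for k, v in KV.findall(line)}


def basename(path):
    """Return the lower-cased file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_suspicious(event):
    """True when a script host connects to a chat-platform API domain."""
    return (basename(event.get("image", "")) in SCRIPT_HOSTS
            and event.get("dest", "").lower() in CHAT_API_DOMAINS)


def detect(lines):
    """Group suspicious connections by (host, process, user).

    Returns a dict mapping that key to the sorted list of API domains contacted,
    so one alert summarises a process that used both Telegram and Discord.
    """
    hits = defaultdict(set)
    for line in lines:
        ev = parse_event(line)
        if is_suspicious(ev):
            key = (ev["host"], basename(ev["image"]), ev["user"])
            hits[key].add(ev["dest"].lower())
    return {k: sorted(v) for k, v in hits.items()}


if __name__ == "__main__":
    for (host, proc, user), domains in detect(SAMPLE_EVENTS).items():
        print(f"ALERT {host}: {proc} running as {user} contacted {', '.join(domains)}")
```

On the constructed input this raises two alerts: powershell.exe on WS01 reaching both api.telegram.org and discord.com, and cmd.exe on WS02 reaching api.telegram.org; the Firefox connection to discord.com and the PowerShell connection to update.microsoft.com are ignored. In production the same logic belongs in a SIEM rule keyed on the process image rather than the destination alone, because the destinations are legitimate services and blocking them outright is rarely an option.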
Source: Security Week