Cyberespionage group TA402, known for targeting government entities in the Middle East and North Africa, has altered its infection chain tactics three times recently, despite no observed change in its targeting. Its recent campaigns use spear-phishing emails sent from compromised email accounts of legitimate entities, delivering custom malware implant, IronWind. The group’s activities overlap with those attributed to Molerats, Gaza Cybergang, Frankenstein, and WIRTE, suggesting these could all be aliases.
Rust-Based Luca Stealer Spreads Across Linux and Windows Systems
Threat actors are increasingly abandoning traditional languages like C and C++ in favor of modern alternatives such as Golang, Rust, and Nim. This strategic shift
