APT34 is an Iranian state-sponsored hacker group that specializes in cyber espionage. The group has recently been gaining attention because of sophisticated new custom malware designed to attack finance and telecommunications networks.
The group, active since 2012, has expanded its operational focus to include financial institutions and telecommunications providers across the Middle East.
Attack chains begin with executables masquerading as PDF files (Ravateb.pdf.exe) that deploy backdoors capable of command-and-control (C2) communication over both HTTP and compromised email accounts.
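The double-extension lure described above (a document-looking name that actually ends in an executable extension) is something a defender can screen for in download folders, mail gateway attachment logs, or endpoint file-creation events. The following is an added example, not code from the page or from ThreatBook; the document and executable extension lists are assumptions chosen for illustration, and the sample filenames (apart from Ravateb.pdf.exe, which the text names) are constructed.

```python
# Flag filenames that look like a document but would execute as a program.
# Added example; extension lists below are assumptions, not an exhaustive standard.

DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "txt", "jpg", "png"}
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "ps1", "hta", "msi"}

RTLO = "\u202e"  # right-to-left override, used to visually reverse the tail of a name


def masquerade_reason(path):
    """Return a short reason if `path` looks like an executable posing as a document, else None.

    Accepts either a bare filename or a full Windows/POSIX path.
    """
    # Strip any directory component so only the basename is inspected
    name = path.rsplit("/", 1)[-1].rsplit("\\", 1)[-1]
    # Split on dots and trim padding spaces attackers sometimes use to push
    # the real extension out of view (e.g. "file.pdf      .exe")
    parts = [p.strip() for p in name.lower().split(".")]
    if len(parts) < 2:
        return None  # no extension at all
    true_ext = parts[-1]
    if true_ext not in EXECUTABLE_EXTS:
        return None  # not executable, so not a masquerade in this sense
    if len(parts) >= 3 and parts[-2] in DOCUMENT_EXTS:
        return f"double extension: .{parts[-2]}.{true_ext}"
    if RTLO in name:
        return "RTLO character in name"
    return None  # plain executable with an honest name


def scan_filenames(filenames):
    """Return [(filename, reason), ...] for every name that triggers a rule."""
    hits = []
    for fn in filenames:
        reason = masquerade_reason(fn)
        if reason:
            hits.append((fn, reason))
    return hits


# Constructed sample input: a mix of benign names and masquerade patterns
SAMPLE_FILENAMES = [
    "Ravateb.pdf.exe",                        # the lure named in the text
    "invoice.pdf",                            # genuine document
    "setup.exe",                              # honest executable, not flagged
    "C:\\Users\\alice\\Downloads\\notes.txt.scr",
    "report" + RTLO + "fdp.exe",              # displays as "reportexe.pdf"
    "quarterly.pdf       .exe",               # padded double extension
]

if __name__ == "__main__":
    for fn, reason in scan_filenames(SAMPLE_FILENAMES):
        print(f"{fn!r}: {reason}")
```

Run over a file-creation log or attachment inventory, any hit is a reasonable trigger for quarantine and analyst review; a plain `.exe` with an honest name is deliberately not flagged so the rule stays useful in environments where legitimate installers are common.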
ThreatBook analysts identified over a dozen compromised Iraqi government email addresses being exploited for lateral movement, many of them government-backed addresses belonging to Iraqi nationals.
Experts state that this cyber warfare might escalate into something catastrophic if it is not stopped.