The Iran-linked, espionage-focused advanced threat group known as APT33 has been spotted using more than a dozen obfuscated botnets to carry out narrowly targeted attacks against government and academic targets in the Middle East, the U.S. and Asia.
Each botnet, linked to its own command-and-control (C2) server, comprises a small group of up to a dozen infected computers, which are being used to gain persistence within the networks of select targets, according to researchers from Trend Micro. As of last month, researchers counted 10 live bot C2s in active operation.
The goal appears to be to establish a backdoor: “The malware is rather basic and has limited capabilities that include downloading and running additional malware,” the researchers said.
Read more…
Source: ThreatPost