Middle Eastern Networks
The Iran-linked APT group UNC1860, operating under Iran's Ministry of Intelligence and Security, compromised several high-profile networks, including networks in the government and telecommunication sectors, via passive backdoors and custom tools like TEMPLEPLAY and VIROGREEN. Although UNC1860's involvement in specific destructive operations has not been directly confirmed, the group's sophisticated methodologies and alliances with other APTs suggest a pivotal role in both espionage and network attack operations. Its deep understanding of the Windows OS, reverse engineering of kernel components, and use of custom malware to facilitate undetected access and control resulted in significant risk and potential long-term access for espionage and damaging actions.
Source: https://securityaffairs.com/168656/apt/unc1860-provides-iran-linked-apts-access-middle-east.html
"id": "mid002100124",
"linkid": "middle-east-broadcasting-networks",
"type": "Breach",
"date": "9/2024",
"severity": "100",
"impact": "",
"explanation": "Attack threatening the organization's existence"