Iranian cyberespionage operations are continuing at a steady pace, but so far no reaction has been spotted in response to the January U.S. drone strike that killed Iranian Gen. Qasem Soleimani.
Almost two months has passed since the Jan. 2, 2020 attack, Secureworks is only noting the continuation of previously implemented espionage operations from Iran/ These are primarily targeting governmental organizations in Turkey, Jordan, Iraq along with intergovernmental and other agencies in Georgia and Azerbaijan.
“Most of this activity commenced prior to the U.S. drone strike. Victimology and code similarity between the macros in the analyzed samples and macros documented in open-source reporting suggest that these campaigns were conducted by the COBALT ULSTER threat group (also known as MuddyWater, Seedworm, TEMP.Zagros, and Static Kitten), which is tasked by the Iranian government,” Secureworks maintaining going cyber efforts response soleimani killing media
