Exploit Forums
BladedFeline malware hits Middle Eastern countries - Printable Version

Exploit Forums (https://exploitforums.net) > General > Blackhat > Ransomware, Malware & Viruses
Thread: BladedFeline malware hits Middle Eastern countries (https://exploitforums.net/showthread.php?tid=6)

BladedFeline malware hits Middle Eastern countries - Preeminence - 06-05-2025

In early 2024, cybersecurity researchers attributed a new wave of cyberattacks to BladedFeline, an Iran-aligned hacking group believed to be a sub-cluster of the well-known Iranian APT group OilRig. The group has been actively targeting Kurdish and Iraqi government officials, with operations dating back to at least 2017. According to ESET, which uncovered and analyzed the activity, BladedFeline focuses on long-term access and espionage, developing and deploying a range of custom malware to infiltrate and maintain control over high-value networks.

The group has been linked to sophisticated backdoors such as Shahmaran, Whisper, Spearal, and Optimizer, as well as tunneling tools like Laret and Pinar, and the passive IIS module PrimeCache. These tools are used to exfiltrate diplomatic and financial data, likely in alignment with Iranian strategic interests. Notably, attacks have also extended to telecommunications infrastructure in Uzbekistan and government systems in Azerbaijan.

The campaign reflects a persistent and well-resourced effort to monitor and influence regional politics, particularly the Kurdish Regional Government's (KRG) relationships with Western powers and Iraq's evolving post-conflict governance. While the initial access vector remains uncertain, the consistent targeting patterns underscore Iran's continued reliance on cyber espionage as a means of projecting regional influence.