https://exploitforums.net/ Sun, 12 Apr 2026 23:12:25 +0000 MyBB https://exploitforums.net/showthread.php?tid=6 Thu, 05 Jun 2025 20:16:52 +0000 Preeminence]]> https://exploitforums.net/showthread.php?tid=6 BladedFeline, an Iran-aligned hacking group believed to be a sub-cluster of the well-known Iranian APT group OilRig. The group has been actively targeting Kurdish and Iraqi government officials, with operations dating back to at least 2017. According to ESET, which uncovered and analyzed the activity, BladedFeline focuses on long-term access and espionage, developing and deploying a range of custom malware to infiltrate and maintain control over high-value networks. The group has been linked to sophisticated backdoors such as Shahmaran, Whisper, Spearal, and Optimizer, as well as tunneling tools like Laret and Pinar, and the passive IIS module PrimeCache. These tools are used to exfiltrate diplomatic and financial data, likely in alignment with Iranian strategic interests. Notably, attacks have also extended to telecommunications infrastructure in Uzbekistan and government systems in Azerbaijan. The campaign reflects a persistent and well-resourced effort to monitor and influence regional politics, particularly the Kurdish Regional Government's (KRG) relationships with Western powers and Iraq’s evolving post-conflict governance. While the initial access vector remains uncertain, the consistent targeting patterns underscore Iran’s continued reliance on cyber espionage as a means of projecting regional influence.]]> BladedFeline, an Iran-aligned hacking group believed to be a sub-cluster of the well-known Iranian APT group OilRig. The group has been actively targeting Kurdish and Iraqi government officials, with operations dating back to at least 2017. According to ESET, which uncovered and analyzed the activity, BladedFeline focuses on long-term access and espionage, developing and deploying a range of custom malware to infiltrate and maintain control over high-value networks. The group has been linked to sophisticated backdoors such as Shahmaran, Whisper, Spearal, and Optimizer, as well as tunneling tools like Laret and Pinar, and the passive IIS module PrimeCache. These tools are used to exfiltrate diplomatic and financial data, likely in alignment with Iranian strategic interests. Notably, attacks have also extended to telecommunications infrastructure in Uzbekistan and government systems in Azerbaijan. The campaign reflects a persistent and well-resourced effort to monitor and influence regional politics, particularly the Kurdish Regional Government's (KRG) relationships with Western powers and Iraq’s evolving post-conflict governance. While the initial access vector remains uncertain, the consistent targeting patterns underscore Iran’s continued reliance on cyber espionage as a means of projecting regional influence.]]>