Updated on 2022-11-29
Chinese security firm QiAnXin has published a report on the Lyceum APT, reviewing its recent spear-phishing and malware delivery TTPs, most of which have used military-themed lures for distribution. Read more: "Targeting energy enterprises: the Lyceum group uses military hot-topic events as lures in targeted attacks against the Middle East" (original title: 瞄准能源企业:Lyceum组织以军事热点事件为诱饵针对中东地区的定向攻击)
Overview
ClearSky said it discovered new malware associated with the Iranian SiameseKitten (Lyceum) group. The malware is dropped by a PDF file claiming to contain information about drone strikes conducted in Iran. It installs a reverse shell, and ClearSky says the malware is signed using a fake Microsoft certificate that is also used by a variety of other Iranian groups, such as Phosphorus. Read more: Lyceum suicide drone