API Security Blog

Iran-Linked BladedFeline Hits Iraqi and Kurdish Targets with Whisper and Spearal Malware

An Iran-aligned hacking group has been attributed to a new set of cyber attacks targeting Kurdish and Iraqi government officials in early 2024. The activity is tied to a threat group ESET tracks as BladedFeline, which is assessed with medium confidence to be a sub-cluster within OilRig, a known Iranian nation-state cyber actor. It's said to be active since September 2017, when it targeted officials associated with the Kurdistan Regional Government (KRG).

"This group develops malware for maintaining and expanding access within organizations in Iraq and the KRG," the Slovak cybersecurity company said in a technical report shared with The Hacker News. "BladedFeline has worked consistently to maintain illicit access to Kurdish diplomatic officials, while simultaneously exploiting a regional telecommunications provider in Uzbekistan, and developing and maintaining access to officials in the government of Iraq."

BladedFeline was first documented by ESET in May 2024 as part of its APT Activity Report Q4 2023–Q1 2024, detailing the adversary's attack on a governmental organization from the Kurdistan region of Iraq and its targeting of the Uzbekistan telecom provider that may have been compromised as early as May 2022.

The group was discovered in 2023 following attacks aimed at Kurdish diplomatic officials with Shahmaran, a simple backdoor that checks in with a remote server and executes any operator-provided commands on the infected host to upload or download files, request…
