A fresh round of spear-phishing assaults that compromise the Windows and macOS operating systems have been connected to the Iranian nation-state actor known as TA453.In a recent research, Proofpoint stated that “TA453 eventually used a variety of cloud hosting providers to deliver a novel infection chain that deployed the recently identified PowerShell backdoor GorjolEcho.”
“TA453 attempted to start the NokNok infection chain, which had an Apple flavour, when given the chance to transmit its virus. In its never-ending search for intelligence, TA453 also used multiple persona impersonation. The download contains an LNK dropper that starts a multi-step process to implant GorjolEcho, which then displays a bogus PDF page while secretly awaiting subsequent payloads from a remote server.“TA453 attempted to start the NokNok infection chain, which had an Apple flavour, when given the chance to transmit its virus. In its never-ending search for intelligence, TA453 also used multiple persona impersonation. The download contains an LNK dropper that starts a multi-step process to implant GorjolEcho, which then displays a bogus PDF page while secretly awaiting subsequent payloads from a remote server.