Iranian state-sponsored threat operation UNC1860 has infiltrated Middle Eastern government and telecommunications entities' systems with backdoors, with initial access to such networks then offered to other state-backed hacking groups, according to The Record, a news site by cybersecurity firm Recorded Future.
With its comprehensive passive/listener-based utilities for initial access and lateral movement, UNC1860 may have supported Iranian hacking attacks with the BABYWIPER malware against Israel last October and intrusions with the ROADSWEEP malware against Albania in 2022, an analysis from Google's Mandiant revealed. "As tensions continue to ebb and flow in the Middle East, we believe this actor's adeptness in gaining initial access to target environments represents a valuable asset for the Iranian cyber ecosystem that can be exploited to answer evolving objectives as needs shift," said Mandiant. Such a development comes after Iranian hackers were reported by the FBI, Cybersecurity and Infrastructure Security Agency, and the Office of the Director of National Intelligence to have failed its attempted leak of stolen data from the campaign of former President Donald Trump to the campaign of President Joe Biden and news organizations.
