New IMAPLoader malware attacks deployed by Iranian threat operation
Iranian state-sponsored advanced persistent threat operation Tortoiseshell, also known as TA456, Imperial Kitten, Yellow Liderc, and Crimson Sandstorm, has launched new watering hole attacks to distribute the IMAPLoader malware, The Hacker News reports.
The intrusions have mainly targeted maritime, shipping, and logistics organizations across the Mediterranean with IMAPLoader, which exploits Windows utilities to identify targeted systems and deploy additional payloads, according to a report from the PwC Threat Intelligence team.
While the new attacks involved compromising legitimate websites with malicious JavaScript aimed at exfiltrating visitor data, Tortoiseshell also used a fraudulent Microsoft Excel document as an initial attack vector, according to the report.
"This threat actor remains an active and persistent threat to many industries and countries, including the maritime, shipping, and logistics sectors within the Mediterranean; nuclear, aerospace, and defense industries in the U.S. and Europe; and IT managed service providers in the Middle East," said PwC.