Following the recent mass demonstration, the Iran-linked Infy group may attempt to target protesters and their contacts abroad.
The crackdown of Iranian authorities on protesters and dissident could have a wide range and involve anyone in contact with them.
According to cybersecurity firms and researchers, a nation-state actor called Infy is intensifying its attacks against anyone is in contact with protesters.
The state-sponsored hackers target victims with spear-phishing messages that are constantly refined and improved.
The name Infy malware is based on a string used by the VXers in filenames and command and control (C&C) folder names and strings.
The Infy malware was first submitted to VirusTotal on August 2007, meanwhile, the C&C domain used by the oldest sample spotted by the experts has been associated with a malicious campaign dated back December 2004.
The malware evolved over the years, the authors improved it by implementing new features such as support for the Microsoft Edge web browser that was introduced in the version 30.
Unlike other Iranian nation-state actors who target foreign organizations, the Infy group appears focused on opponents and dissidents.
Researchers Colin Anderson and Claudio Guarnieri, authors of the research titled “Iran and the Soft War for Internet Dominance,” confirmed that the Infy attackers were responsible for a large number of attempted malware attacks against Iranian civil society since late 2014.
In response to the recent mass demonstrations, the Iran Government also tried to isolate the protests by blocking internet on mobile networks, the authorities blocked Instagram and messaging services like Telegram.
Security experts believe that protesters will be targeted by the Infy actor, its malware will be used against anyone has any kind of relationship with them.
(Security Affairs – Iranian hackers, hacking)