London Daily

Focus on the big picture.
Thursday, Oct 23, 2025

Undiscovered Iranian ‘Operation GhostShell’ state-sponsored cyberthreat: report

Undiscovered Iranian ‘Operation GhostShell’ state-sponsored cyberthreat: report

A state-sponsored cyber-espionage campaign has been targeting companies globally including those in the U.S., a new report says.

The cyberattacks were carried out by a newly discovered Iranian group dubbed MalKamak, cybersecurity firm Cybereason said in a new report.

The group has been operating "under the radar" since at least 2018, Cybereason said.

Anonymous computer hacker sitting in front of a virtual screen.


In July, Cybereason's investigative teams responded to Operation GhostShell, a "highly-targeted cyber espionage" campaign aiming to steal sensitive information from global aerospace and telecommunications companies mainly in the Middle East but also companies in the U.S., Europe and Russia.

During the investigation, Cybereason’s Nocturnus Team uncovered a previously undocumented Remote Access Trojan, or RAT, which was employed as the primary espionage tool.

A Trojan horse, or Trojan, is malicious code that appears legitimate but is designed to damage a computer network or steal sensitive data. A RAT typically allows the attacker to gain unauthorized remote access for covert surveillance.

"We witnessed the evolution of a malware that started very simple and over time turned into a sophisticated espionage tool," Assaf Dahan, senior director, head of threat research at Cybereason, told FOX Business.

"The RAT itself can conduct reconnaissance and collect information about the users and infected hosts," Dahan said.

The RAT evaded antivirus tools by using Dropbox as cover.

The Dropbox logo is seen in this illustration photo in 2017. The MalKamak threat group allegedly created Dropbox accounts for their command and control purposes.


"The MalKamak threat group … created Dropbox accounts and used them for their command-and-control purposes," according to Dahan.

"Essentially, they used Dropbox to carry out their operations right under the noses of security professionals. This is a clever way to hide in plain sight since Dropbox is a trusted brand -- and traffic to a legitimate site usually will not raise suspicions of certain security products and analysts," Dahan said.

The authors of the malware also implemented a kill function that instructs the malware to delete itself if they believe their operation might be jeopardized.

"It is very likely MalKamak exfiltrated [stole] hundreds of terabytes of data since launching their campaigns in 2018," Dahan said.

The Iranian group behind the attack is possibly connected to other Iranian state-sponsored actors.

"When we compared MalKamak to known Iranian groups, we did find some potentially interesting connections to other Iranian state-sponsored threat actors," Dahan said, adding, however, that this is still speculation and they need more time to make a definite connection.

Cyber security IT engineer working on protecting network against cyberattack from hackers on internet. Recently, an Iranian group called MalKamak has been carrying out cyberattacks.


But the aim is the same: the aerospace and telecommunications sectors are prime targets for Iran, Chris Morgan, senior cyber threat intelligence analyst at Digital Shadows, a San Francisco-based cybersecurity firm, told FOX Business.

"Obtaining sensitive information related to these sectors … could provide Iran with a strategic advantage, which was likely the overall goal of the GhostShell campaign," Morgan said.

Newsletter

Related Articles

0:00
0:00
Close
US Administration Under President Donald Trump Reportedly Lifts Ban on Ukraine’s Use of Storm Shadow Missiles Against Russia
‘Frightening’ First Night in Prison for Sarkozy: Inmates Riot and Shout ‘Little Nicolas’
White House Announces No Imminent Summit Between Trump and Putin
US and Qatar Warn EU of Trade and Energy Risks from Tough Climate Regulation
Apple Challenges EU Digital Markets Act Crackdown in Landmark Court Battle
Nicolas Sarkozy begins five-year prison term at La Santé in Paris
Japan stocks surge to record as Sanae Takaichi becomes Prime Minister
This Is How the 'Heist of the Century' Was Carried Out at the Louvre in Seven Minutes: France Humiliated as Crown with 2,000 Diamonds Vanishes
China Warns UK of ‘Consequences’ After Delay to London Embassy Approval
France’s Wealthy Shift Billions to Luxembourg and Switzerland Amid Tax and Political Turmoil
"Sniper Position": Observation Post Targeting 'Air Force One' Found Before Trump’s Arrival in Florida
Shouting Match at the White House: 'Trump Cursed, Threw Maps, and Told Zelensky – "Putin Will Destroy You"'
Windows’ Own ‘Siri’ Has Arrived: You Can Now Talk to Your Computer
Thailand and Singapore Investigate Cambodian-Based Prince Group as U.S. and U.K. Sanctions Unfold
‘No Kings’ Protests Inflate Numbers — But History Shows Nations Collapse Without Strong Executive Power
Chinese Tech Giants Halt Stablecoin Launches After Beijing’s Regulatory Intervention
Manhattan Jury Holds BNP Paribas Liable for Enabling Sudanese Government Abuses
Trump Orders Immediate Release of Former Congressman George Santos After Commuting Prison Sentence
S&P Downgrades France’s Credit Rating, Citing Soaring Debt and Political Instability
Ofcom Rules BBC’s Gaza Documentary ‘Materially Misleading’ Over Narrator’s Hamas Ties
Diane Keaton’s Cause of Death Revealed as Pneumonia, Family Confirms
Former Lostprophets Frontman Ian Watkins Stabbed to Death in British Prison
"The Tsunami Is Coming, and It’s Massive": The World’s Richest Man Unveils a New AI Vision
Outsider, Heroine, Trailblazer: Diane Keaton Was Always a Little Strange — and Forever One of a Kind
Dramatic Development in the Death of 'Mango' Founder: Billionaire's Son Suspected of Murder
Two Years of Darkness: The Harrowing Testimonies of Israeli Hostages Emerging From Gaza Captivity
EU Moves to Use Frozen Russian Assets to Buy U.S. Weapons for Ukraine
Europe Emerges as the Biggest Casualty in U.S.-China Rare Earth Rivalry
HSBC Confronts Strategic Crossroads as NAB Seeks Only Retail Arm in Australia Exit
U.S. Chamber Sues Trump Over $100,000 H-1B Visa Fee
Shenzhen Expo Spotlights China’s Quantum Step in Semiconductor Self-Reliance
China Accelerates to the Forefront in Global Nuclear Fusion Race
Yachts, Private Jets, and a Picasso Painting: Exposed as 'One of the Largest Frauds in History'
Australia’s Wedgetail Spies Aid NATO Response as Russian MiGs Breach Estonian Airspace
McGowan Urges Chalmers to Cut Spending Over Tax Hike to Close $20 Billion Budget Gap
Victoria Orders Review of Transgender Prison Placement Amid Safety Concerns for Female Inmates
U.S. Treasury Mobilises New $20 Billion Debt Facility to Stabilise Argentina
French Business Leaders Decry Budget as Macron’s Pro-Enterprise Promise Undermined
Trump Claims Modi Pledged India Would End Russian Oil Imports Amid U.S. Tariff Pressure
Surging AI Startup Valuations Fuel Bubble Concerns Among Top Investors
Australian Punter Archie Wilson Tears Up During Nebraska Press Conference, Sparking Conversation on Male Vulnerability
Australia Confirms U.S. Access to Upgraded Submarine Shipyard Under AUKUS Deal
“Firepower” Promised for Ukraine as NATO Ministers Meet — But U.S. Tomahawks Remain Undecided
Brands Confront New Dilemma as Extremists Adopt Fashion Labels
The Sydney Sweeney and Jeans Storm: “The Outcome Surpassed Our Wildest Dreams”
Erika Kirk Delivers Moving Tribute at White House as Trump Awards Charlie Presidential Medal of Freedom
British Food Influencer ‘Big John’ Detained in Australia After Visa Dispute
ScamBodia: The Chinese Fraud Empire Shielded by Cambodia’s Ruling Elite
French PM Suspends Macron’s Pension Reform Until After 2027 in Bid to Stabilize Government
Orange, Bouygues and Free Make €17 Billion Bid for Drahi’s Altice France Telecom Assets
×