BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

Iranian Hackers Target Iraqi Officials via Custom Malware

Iran-aligned Dust Specter targets Iraqi officials with novel AI-assisted malware.

  • A suspected Iran-nexus threat actor, tracked as Dust Specter, impersonated Iraq’s Ministry of Foreign Affairs to target government officials with new malware.
  • The campaign deployed four distinct malware families—SPLITDROP, TWINTASK, TWINTALK, and GHOSTFORM—using Iraqi government infrastructure to host payloads.
  • Evidence within the malware’s source code suggests generative AI tools may have assisted in its development.
  • The attacks employed advanced evasion, including geofencing, delayed execution, and file-based polling for command retrieval.

A suspected Iran-nexus actor code-named Dust Specter targeted Iraqi government officials in January 2026, deploying never-before-seen malware in a sophisticated impersonation campaign. Zscaler ThreatLabz observed this activity, which used two distinct infection chains to ultimately deliver a suite of malicious tools.

- Advertisement -

The first chain began with a password-protected RAR archive containing the SPLITDROP dropper. Consequently, this module delivered the TWINTASK worker and TWINTALK command orchestrator to compromised systems.

TWINTASK, a malicious DLL, sideloaded via a legitimate binary to poll a local file every 15 seconds for new commands. Security researcher Sudeep Singh said the actors used randomly generated URI paths with checksums to verify infected systems.

Meanwhile, TWINTALK’s role was to communicate with the command-and-control server for new instructions. Its C2 server also utilized geofencing techniques and User-Agent verification to avoid detection.

The second attack chain represented an evolution, consolidating functionality into a single binary called GHOSTFORM. However, this variant uniquely embedded a hard-coded Google Forms URL that launched a fake Arabic-language survey upon execution.

- Advertisement -

Analysis of the malware source code revealed placeholder values, emojis, and Unicode text. This suggests generative artificial intelligence tools may have been used to assist with the malware’s development.

Furthermore, the C2 domain was previously used in a July 2025 campaign hosting a fake Cisco Webex invitation. This earlier attack used a ClickFix-style script to fetch and schedule a malicious payload on the host.

Attribution to an Iran-nexus group is based on their history of developing custom .NET backdoors and using compromised Iraqi infrastructure. Zscaler stated this campaign was attributed with medium-to-high confidence to Dust Specter.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

Saylor and Back oppose BIP-110 fork over Bitcoin security fears

Michael Saylor and Adam Back have publicly opposed BIP-110, a temporary Bitcoin fork proposal...

China, India groups target Pakistani police in cyber espionage

Suspected China- and India-aligned threat actors targeted Pakistani law enforcement in a sustained cyber...

AMD Stock Dips 10% Amid AI Volatility Ahead of Q3 Earnings

AMD stock fell nearly 10% from $580 on June 30 to roughly $516 by...

Bitcoin Creator Back Warns BIP-110 Data Limit Could Split Network

Adam Back said Bitcoin has "robustly rejected" BIP-110, arguing the proposal conflicts with the...

Analyst Says Bitcoin Bear Market Nearing End as Momentum Slows

Bitcoin may be entering the latter stages of the bear market as downside momentum...

Must Read

The 10 Best Crypto Podcasts You Can’t Miss

Table of ContentsBest Cryptocurrency Podcasts To Add To Your Playing List1. The Money Movement2. The Crypto Conversation3. The Pomp Podcast4. What Bitcoin Did5. The...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading