Greenbug is believed to be an Iranian threat actor with ties to the group behind the Shamoon malware. It has previously used off-the-shelf tools and living-off-the-land techniques to gain access to South Asian telecommunication companies’ servers. It has also used custom remote access trojans (RATs) to steal information and credentials from Middle Eastern targets.
Suspected victims
- South Asian telecommunication providers
- Middle Eastern government, aviation, education, and investment organizations
Suspected state sponsor
- Iran (Islamic Republic of)
Read more
- 'Greenbug' hacking group hits three telecom firms in Pakistan
- Sophisticated Espionage Group Turns Attention to Telecom Providers in South Asia
- Researchers find link between cyber espionage group and Saudi hacking campaign
- Greenbug cyberespionage group targeting Middle East, possible links to Shamoon