Date of report
- October 2021
Affiliations
An Iranian-linked threat actor dubbed MalKamak used a remote access Trojan (RAT) known as ShellClient to target aerospace and telecommunication companies. The RAT employed had been in development since at least 2018 and piggybacked off of Dropbox servers.
Suspected victims
- Aerospace and telecommunication companies across the United States, Russia, Europe, and the Middle East.
Suspected state sponsor
- Iran (Islamic Republic of)
Target category
- Private sector
Victim government reaction
- Unknown