An Iran-nexus cyber espionage group known as UNC1549 has been attributed to a new campaign targeting European telecommunications companies, successfully infiltrating 34 devices across 11 organizations as part of a recruitment-themed activity on LinkedIn.

Swiss cybersecurity company PRODAFT is tracking the cluster under the name Subtle Snail . It's assessed to be affiliated with Iran's Islamic Revolutionary Guard Corps (IRGC). The targeted 11 companies are located in Canada, France, the United Arab Emirates, the United Kingdom, and the United States.

"The group operates by posing as HR representatives from legitimate entities to engage employees, then compromises them through deployment of a MINIBIKE backdoor variant that communicates with command-and-control (C2) infrastructure proxied

See Full Page