After Symantec released a detailed report on the modus operandi of Iranian cyber espionage group APT33 in March, the threat group made significant changes to its infrastructure, new research by Recorded Future shows.
The changes included the adoption of njRAT, a remote access trojan (RAT) that had not been used by the state-backed hacking collective before. The researchers argue that because “this activity was executed just a day or so after the report went live,” it seems “the Iranian threat actors are acutely aware of the media coverage of their activities and are resourceful enough to be able to react in a quick manner.” Since March, APT33 has been using the new tools in order to target various organizations in Saudi Arabia as well as an Indian mass media company and a diplomatic institution.
Read more: Iran-linked APT33 Shakes Up Cyberespionage Tactics