Iranian Group Tortoiseshell Launches New Wave of IMAPLoader Malware Attacks

The Iranian cyber threat actor Tortoiseshell has been linked to a new series of ‘watering hole’ attacks using malware called IMAPLoader. Deployed across compromised legitimate websites, the malware gathers details about visitors and acts as a downloader for further payloads. According to PwC Threat Intelligence, Tortoiseshell has targeted shipping, logistics and financial sectors, using phishing sites aimed at European travel and hospitality sectors to harvest credentials.