New Campaign Targets Middle East Governments with IronWind Malware

Phishing campaigns targeting government entities in the Middle East are deploying a new downloader known as IronWind. The operation, tracked by cybersecurity firm Proofpoint as TA402, is an advanced persistent threat group that historically operates in Palestinian interests. Recent campaigns involve the use of compromised email accounts, Dropbox links, and file attachments to deploy IronWind. This marks a change from previous methods, which used a backdoor code named NimbleMamba.