GHOSTPULSE malware loader deployed via fraudulent MSIX app packages

Iranian state-backed threat operation Tortoiseshell (TA456), has launched new watering hole attacks to distribute the IMAPLoader malware. This operation is also known as Imperial Kitten, Yellow Liderc, and Crimson Sandstorm.