Iranian Cyber Espionage Group Targets Financial and Government Sectors in Middle East

Iran’s Ministry of Intelligence and Security has launched a cyber espionage campaign targeting Middle Eastern sectors. The threat actor, known as Scarred Manticore, has been active since 2019, targeting high-value victims in countries such as Saudi Arabia and the UAE using a malware framework called LIONTAIL. The group has evolved its tactics over time, exemplified by the use of a malicious kernel driver called WINTAPIX to target Microsoft servers.