Suspected Iranian Actor Targeting Israeli Shipping, Healthcare, Government and Energy Sectors
released on 2022-08-18 @ 10:56:10 AM
Security researchers have been tracking UNC3890, a cluster of activity targeting Israeli shipping, government, energy and healthcare organizations via social engineering lures and a potential watering hole. UNC3890 uses at least two unique tools: a backdoor named SUGARUSH, and a browser credential stealer, which exfiltrates stolen data via Gmail, Yahoo and Yandex email services, named SUGARDUMP.