Title: How are Iranian hackers utilizing Dropbox in a cyber-espionage campaign?
www.infosectrain.com sales_at_infosectrain.com
Security vendor Cybereason recently published a report indicating that Iran's MalKamak cyber threat group has operated in the wild and stayed undetected since 2018 by using Dropbox's cloud storage service. Companies in the telecoms and aerospace industries were targeted, including those in the Middle East, Russia, and Europe.
Cybereason researchers Assaf Dahan, Daniel Frank, Tom Fakterman, and Chen Erlich wrote in the report that the intrusions are motivated by cyberespionage against a very small set of carefully selected targets. This is supported by the fact that very few samples have been detected in telemetry or in the wild since 2018, in contrast to commodity malware, which is widely distributed.

"ShellClient," a Remote Access Trojan (RAT), is the primary tool used by the group to compromise systems and spread around networks undetected by antivirus software. Using Dropbox file storage as a command and control (C2) platform is one of the more interesting tactics adopted by the group. By running checks every two seconds via the Dropbox API, the malware can be controlled and can transfer files without being detected by network monitoring tools. The report noted that the malware's C2 communications were quite unique, involving 'cold files' being saved to a remote Dropbox instead of a common interactive session. This method of communication is also a form of operational security, because using a public service like Dropbox undermines the ability to track the threat actors' infrastructure.
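A defender's view of the polling pattern described above, as an added example that is not from the Cybereason report or the original page: it flags hosts where a process other than the approved Dropbox client contacts Dropbox API hostnames at a short, steady interval. The log format, host and process names, and thresholds are constructed assumptions, and it presumes proxy or EDR telemetry that records the originating process.

```python
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

DROPBOX_API_HOSTS = {"api.dropboxapi.com", "content.dropboxapi.com"}
SANCTIONED_CLIENTS = {"dropbox.exe"}  # assumption: the only approved Dropbox client

def constructed_log():
    """Constructed sample lines: '<ISO time> <host> <process> <destination>'."""
    t0 = datetime(2021, 10, 6, 9, 0, 0)
    def row(offset_s, host, proc, dest):
        return f"{(t0 + timedelta(seconds=offset_s)).isoformat()} {host} {proc} {dest}"
    lines = [row(2 * i, "WS-014", "svc_update.exe", "api.dropboxapi.com") for i in range(15)]
    lines += [row(30 * i, "WS-022", "dropbox.exe", "api.dropboxapi.com") for i in range(15)]
    lines += [row(s, "WS-031", "chrome.exe", "content.dropboxapi.com")
              for s in (0, 7, 95, 96, 340, 341, 900, 1500, 1504, 2400, 2900, 3000)]
    lines.append(row(1, "WS-014", "svc_update.exe", "example.org"))  # unrelated traffic
    lines.append("truncated line")  # malformed entry, must be skipped
    return lines

def find_dropbox_beacons(lines, min_events=10, max_median_s=10.0, max_jitter=0.2):
    """Flag (host, process) pairs that poll the Dropbox API at a short, steady interval
    and are not a sanctioned client. Returns (host, process, median_gap_s, jitter)."""
    seen = defaultdict(list)
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, host, proc, dest = parts
        if dest.lower() in DROPBOX_API_HOSTS:
            seen[(host, proc.lower())].append(datetime.fromisoformat(ts))
    hits = []
    for (host, proc), times in sorted(seen.items()):
        if proc in SANCTIONED_CLIENTS or len(times) < min_events:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        median = statistics.median(gaps)
        # Jitter: spread of the gaps relative to their median; near 0 is machine-like.
        jitter = statistics.pstdev(gaps) / median if median else 0.0
        if median <= max_median_s and jitter <= max_jitter:
            hits.append((host, proc, median, round(jitter, 3)))
    return hits

if __name__ == "__main__":
    for hit in find_dropbox_beacons(constructed_log()):
        print("periodic Dropbox API polling:", hit)
```

The sanctioned client and the browser in the sample are not flagged: the first is allow-listed, and the second has irregular, human-driven gaps.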
One of the questions raised during the investigation was, "How far back can the malware be traced?" the researchers said. "First, it was assumed to have been developed recently since there was no publicly accessible documentation or anything like that." However, the code indicates that the sample analyzed is version 4.0, which implies there are several previous versions.

Do you also want to learn more tricks, tools, concepts, threats, and attacks in cybersecurity? Then join InfosecTrain to get the best quality training. InfosecTrain is a leading provider of consultancy services, certifications, and training in information technology and cyber safety. Our accredited and skilled trainers will help you understand cybersecurity and information security and improve the skills needed. Not only do they give you the best training, but they will also expose you to new challenges that will be very helpful to you in the future. Enroll in our Cyber Security course today to experience the practical sessions and excellent training from the best trainers.
About InfosecTrain
- Established in 2016, we are one of the finest Security and Technology Training and Consulting companies
- Wide range of professional training programs, certifications, and consulting services in the IT and Cyber Security domain
- High-quality technical services, certifications or customized training programs curated with professionals of over 15 years of combined experience in the domain
Why InfosecTrain
Global Learning Partners
Access to the recorded sessions
Certified and Experienced Instructors
Flexible modes of Training
Tailor Made Training
Post training completion
Contact us
Get your workforce reskilled by our certified and
experienced instructors!
IND 1800-843-7890 (Toll Free) / US 1
657-722-11127 / UK 44 7451 208413
sales_at_infosectrain.com
www.infosectrain.com