Anti-Malware Research Whitepapers

Iranian Chafer APT Targeted Air Transportation and Government in Kuwait and Saudi Arabia

Iranian Chafer APT Targeted Air Transportation and Government in Kuwait and Saudi Arabia

Bitdefender researchers have found attacks conducted by the Chafer APT threat group – known to have an apparent Iranian link – in the Middle East region, dating back to 2018. The campaigns were based on several tools, including “living off the land” tools, which makes attribution difficult, as well as different hacking tools and a custom built backdoor.

Victims of the analyzed campaigns fit into the pattern preferred by this actor, such as air transport and government sectors in the Middle East.

During one analyzed incident, the operation potentially lasted more than one and a half years, during which time the APT group deployed various tools for persistence and lateral movement.

Some of the most interesting findings of the investigation involve attacker activity that occurred during weekends and attacker-created user accounts, with a potential end goal of data exploration and exfiltration.

Key findings:

  • Campaign targeted air transportation and government
  • Attacker activity occurred on weekends
  • In the Kuwait attack, threat actors created their own user account
  • The Saudi Arabia attack relied on social engineering to compromise victims
  • The end goal of both attacks was likely data exploration and exfiltration

For the full report and the complete analysis of the analyzed components, please check the research paper available below. An up-to-date and complete list of indicators of compromise is available to Bitdefender Advanced Threat Intelligence users.

Download the whitepaper

About the author


Liviu Arsene is the proud owner of the secret to the fountain of never-ending energy. That's what's been helping him work his everything off as a passionate tech news editor for the past couple of years. He is the youngest and most restless member of the Bitdefender writer team and he covers mobile malware and security topics with fervor and a twist. His passions revolve around gadgets and technology, and he's always ready to write about what's hot and trendy out there in geek universe.

About the author

Bogdan Rusu

Bogdan Rusu is a Security Researcher whose daily activities revolve around analyzing Advanced Persistent Threats and actively being involved in cybercrime investigations. With a bachelor's degree in Computer Science, he is currently pursuing a Master's Degree as well. He enjoys writing code, finding out how things works by tearing them apart and peeking behind the curtain, and he loves tinkering by automating things.

Add Comment

Click here to post a comment