Iranian Cyberespionage Targets Iraqi Government Officials
ID: 64d9dbc7-c11b-50bb-9c98-2a0eb013c280
STIX ID: report--64d9dbc7-c11b-50bb-9c98-2a0eb013c280
Feed Name: ThreatCluster
In 2024, the Iranian APT group BladedFeline executed an active cyberespionage campaign against Kurdish and Iraqi government officials. The group deployed advanced backdoors (Shahmaran, Whisper), abused compromised email accounts for command-and-control, and used unique C2 channels including DNS tunneling and email-based mechanisms. ESET associates BladedFeline with the OilRig APT, and Check Point observed double-extension files used for initial compromise. Together, these findings indicate sustained, sophisticated nation-state activity that requires continued monitoring.
