A new report from cybersecurity company Proofpoint identified the actor as part of state-sponsored espionage against defense “industrial base” contractors doing work related to the Middle East.
Identified as TA456, the state actor first established a relationship with an employee at a subsidiary of the defense contractor. Luego, in early June 2021, attempted to “capitalize on this relationship” by sending the employee malware as part of an “ongoing email communication chain,” de acuerdo a Proofpoint.
