Iran-linked hackers target Israel with MURKYTOUR malware via fake job campaign

The Iran-nexus threat actor known as UNC2428 has been observed delivering a backdoor called MURKYTOUR as part of a job-themed social engineering campaign aimed at Israel in October 2024.
Google-owned Mandiant described UNC2428 as a threat actor aligned with Iran that engages in cyber espionage-related operations. The intrusion set is said to have distributed the malware through a “complex chain of deception techniques.”
“UNC2428’s social engineering campaign targeted individuals while posing as a recruitment opportunity from Israeli defense contractor, Rafael,” the company said in its annual M-Trends report for 2025.
Read more at The Hacker News