This blog details suspected Iranian espionage activity since June 2022 targeting aerospace, aviation and defense entities in Israel, the UAE and potentially Turkey, India and Albania. The campaign involves social engineering to deploy two backdoors, MINIBIKE and MINIBUS, and extensive use of Azure infrastructure for command and control. The activity shows potential links to Iranian actor UNC1549, which overlaps with IRGC-affiliated Tortoiseshell. The targeting focuses on sectors of strategic interest to Iran, and the evasion tactics aim to mask the malicious operations.
