Iranian APT 'BladedFeline' Remains Hidden in Networks for 8 Years

ESET researchers have uncovered the persistent activities of BladedFeline, an Iranian-aligned Advanced Persistent Threat (APT) group, which has maintained covert access to the networks of Kurdish and Iraqi government officials for nearly eight years.

First identified in 2017 through attacks on the Kurdistan Regional Government (KRG), BladedFeline has since evolved into a sophisticated cyberespionage entity, targeting high-ranking officials in Iraq and even a telecommunications provider in Uzbekistan.

Active since at least 2017, the group has sustained an infiltration whose duration highlights the challenges of detecting and mitigating state-sponsored threats in geopolitically sensitive regions.

Cyberespionage Targets Kurdish and Iraqi Officials

The discovery of BladedFeline came in 2023 when ESET detected the deployment of its signature Shahmaran backdoor against Kurdish diplomatic officials.

Shahmaran, a 64-bit portable executable found in the target’s Startup directory, lacks encryption or compression for network communications, yet effectively executes commands from its command-and-control (C&C) server ...


Copyright of this story solely belongs to gbhackers.