Dust Specter Iraq Foreign Affairs AI impersonation campaign
Campaign
Summary
Dust Specter targeted Iraqi government officials in a January 2026 campaign that used impersonation, AI tools, and compromised infrastructure to deliver malicious payloads, raising the risk of follow-on compromise. The operation posed as Iraq’s Ministry of Foreign Affairs and used multiple delivery chains to push malware and execute commands. The activity was attributed to Iran with medium to high confidence and shows a coordinated, multi-stage intrusion effort.
Related Happenings
Ghostwriter geofenced PDF spear-phishing campaign targeting Ukrainian government entities
Campaign
First: 14.05.2026 17:00
Last: 14.05.2026 17:00
Sources 1
About this happening:
The **Ghostwriter / FrostyNeighbor** group is running a **geofenced spear-phishing campaign** against **government entities in Ukraine**, and the operation matters because it deli...
ModeloRAT malicious PowerShell and Dropbox delivery activity
Malware Activity
First: 14.05.2026 15:12
Last: 14.05.2026 15:12
Sources 1
About this happening:
The **ModeloRAT** activity now uses a **malicious PowerShell command** and a **Dropbox ZIP payload** to gain persistent footholds, enabling **system reconnaissance**, **screenshot...
Malicious LNK GitHub C2 campaign targeting South Korea
Campaign
First: 02.04.2026 16:00
Last: 02.04.2026 16:00
Sources 1
About this happening:
A **malicious LNK-file campaign** targeting **users in South Korea** is using **GitHub as C2** to support persistent access on **Windows** systems. The operation relies on **Power...
Velvet Tempest ClickFix malvertising campaign
Campaign
First: 07.03.2026 18:14
Last: 07.03.2026 18:14
Sources 1
About this happening:
**Velvet Tempest** ran a **malvertising**-driven **ClickFix** operation that used obfuscated Windows commands to gain access and stage payloads, making the intrusion chain more ef...
Transparent Tribe AI-assisted implant campaign targeting India
Campaign
First: 06.03.2026 17:11
Last: 06.03.2026 17:11
Sources 1
About this happening:
**Transparent Tribe (APT36)** is using **AI-powered coding tools** to mass-produce disposable implants in an active **campaign** targeting the **Indian government**, its embassies...
Timeline
- 03.03.2026 12:30 · 2 articles · 2mo ago
Dust Specter campaign disclosed against Iraqi government officials
Initial Disclosure
Zscaler ThreatLabz reported that the Iran-nexus threat actor Dust Specter targeted Iraqi government officials by impersonating Iraq’s Ministry of Foreign Affairs, used AI tools, abused government-related infrastructure in Iraq to host malicious payloads, and deployed previously undocumented malware including Split Drop, TwinTask, TwinTalk and GhostForm. The researchers also attributed the activity to Iran with medium to high confidence and described attack chains that relied on a password-protected RAR archive, file-based polling, PowerShell execution, and a Google Forms lure.
- Iranian Cyber Threat Actor Targets Iraqi Government Officials in AI-Powered Campaign — www.infosecurity-magazine.com — 03.03.2026 12:30
- Dust Specter Targets Iraqi Officials with New SPLITDROP and GHOSTFORM Malware — thehackernews.com — 05.03.2026 14:01