APT42’s Operations Employ “Nicecurl” and “Tamecat” Malwares

Summary:

APT42 has been observed targeting entities in both the Middle East and Western regions, infiltrating their cloud environments and corporate networks using social engineering techniques, particularly by impersonating journalists. Using malicious emails as their primary vector, APT42 infects recipients with two distinct backdoors known as “Nicecurl” and “Tamecat.” Once deployed within the compromised systems, these backdoors provide the attackers with capabilities for data exfiltration and command execution.

Threat Level – Red | Attack Report

To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.