Suspected Iranian Hackers Used Compromised Indian Firm’s Email to Target U.A.E. Aviation Sector
Suspected Iranian hackers, tracked as UNK_CraftyCamel, targeted fewer than five organizations in the United Arab Emirates (U.A.E.) aviation and satellite communications sectors. The attack used a compromised Indian electronics company’s email to deliver a malicious ZIP file containing polyglot files and a Golang backdoor called Sosano. The backdoor enables remote command execution and file manipulation, and the campaign highlights the sophistication of state-aligned actors in evading detection.