APT34, an Iranian threat group aligned with MOIS, has been using Microsoft Exchange servers to spy on Gulf-state government agencies, particularly in the UAE. Known for targeting major industries in the Middle East, APT34 has shown sophistication in its attacks, including the use of a new backdoor named 'StealHook' to exfiltrate sensitive information. The group's espionage campaigns involve deploying web shells, exploiting vulnerabilities such as CVE-2024-30088 for SYSTEM-level privileges, and abusing Windows password filters.
APT34's strategy includes stealthy exfiltration channels and leveraging stolen credentials to access organizations' MS Exchange servers for data exfiltration and follow-on supply chain attacks. https://www.darkreading.com/cyberattacks-data-breaches/iran-apt34-ms-exchange-spy-gulf-govts
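The password-filter abuse mentioned above relies on registering an extra DLL under the LSA "Notification Packages" value, which then sees every password change in cleartext. The following PowerShell audit is an added example, not code from the article or from any vendor; it assumes a baseline of `scecli` and `rassfm` (adjust to your own gold image) and is meant to be run on each domain controller, where password filters actually take effect.

```powershell
# Audit LSA password-filter registrations on this host.
# Filters are REG_MULTI_SZ names (no .dll extension) loaded from System32,
# so each entry is resolved to its file and its Authenticode status checked.
$lsaKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$baseline = @('scecli', 'rassfm')   # assumed defaults; tune for your environment

$packages = (Get-ItemProperty -Path $lsaKey -Name 'Notification Packages').'Notification Packages'

foreach ($pkg in $packages) {
    $dll = Join-Path $env:SystemRoot "System32\$pkg.dll"
    if (Test-Path $dll) {
        $sig = (Get-AuthenticodeSignature -FilePath $dll).Status
    } else {
        $sig = 'FileMissing'
    }
    # Anything outside the baseline, or not validly signed, needs an analyst's eyes.
    if ($baseline -notcontains $pkg -or $sig -ne 'Valid') { $status = 'REVIEW' } else { $status = 'ok' }
    [pscustomobject]@{ Package = $pkg; Path = $dll; Signature = $sig; Status = $status }
}
```

A `REVIEW` row with an unsigned or recently modified DLL in System32 is the artifact to pivot on; compare the value against a known-good export from a clean controller rather than trusting the on-host baseline alone.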