Researchers have discovered a previously unknown advanced threat actor, probably of Iranian origin, using a previously undocumented RAT targeting largely aerospace and telecommunications organizations. They have named the group MalKamak, and the campaign Operation GhostShell.

Cybereason first detected the threat actor engaged in cyber espionage with the unknown remote access trojan – which it called ShellClient – in July 2021. Initial investigation found the same group targeting aerospace and telecommunications companies in the Middle East. Further investigation found the group also targeting the same sectors in the U.S., Russia, and Europe.