Iranian Hackers Use DEEPROOT and TWOSTROKE Malware in Aerospace and Defense Attacks
19.11.2025

UNC1549 uses phishing, third-party breaches, and custom backdoors to infiltrate aerospace, telecom, and defense networks.
Iranian Hackers Deploy DEEPROOT & TWOSTROKE Malware in High-Stakes Attacks
UNC1549, an Iranian threat actor, is going hard on aerospace, telecom, and defense sectors using phishing, third-party breaches, and custom backdoors. They're not playing around.

Their toolkit includes DEEPROOT and TWOSTROKE malware, custom-built backdoors designed to slip past defenses and maintain persistent access. This isn't your average script-kiddie stuff; it's state-level espionage with serious tradecraft.
The group leverages compromised third-party vendors and supply chain weak points to get inside target networks. Once in, they move laterally, exfiltrating sensitive data and establishing long-term footholds.
- Actor: UNC1549 (Iran-linked)
- Targets: Aerospace, Telecom, Defense
- Techniques: Phishing, Third-party breaches, Custom backdoors
- Malware: DEEPROOT, TWOSTROKE
- Objective: Cyber espionage, data theft, persistent access
Security teams are urged to lock down third-party access, monitor for unusual lateral movement, and deploy endpoint detection that can spot these custom tools. This is a clear reminder: your supply chain is your attack surface.
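The "monitor for unusual lateral movement" advice above is easy to state and harder to operationalize, so here is an added example (not from the article, and not tied to any specific DEEPROOT or TWOSTROKE indicator, none of which the article gives). It is a small detector over constructed network-logon records: each account has a baseline of hosts it normally reaches, and an alert fires when the account authenticates to more new hosts than a threshold allows inside a short window. The log format, the baseline, the thresholds and the convention that third-party accounts are named `vendor-*` are all assumptions made for this example; a real deployment would learn the baseline from historical logs and read the vendor list from the access agreement.

```python
"""Flag accounts whose lateral movement fans out beyond their baseline.

Added example, not from the article. Works on constructed logon records of
the form: <ISO timestamp> <account> <source host> <destination host>.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real data).
SAMPLE_LOG = """\
2025-11-18T09:00:01 alice ws-01 fileserver-01
2025-11-18T09:05:12 alice ws-01 fileserver-01
2025-11-18T09:07:44 vendor-svc jump-01 erp-01
2025-11-18T22:01:03 vendor-svc jump-01 erp-01
2025-11-18T22:01:09 vendor-svc jump-01 dc-01
2025-11-18T22:01:15 vendor-svc jump-01 fileserver-02
2025-11-18T22:01:20 vendor-svc jump-01 build-07
2025-11-18T22:01:31 vendor-svc jump-01 cad-03
2025-11-18T23:10:00 bob ws-02 fileserver-01
"""

# Hosts each account is expected to reach (constructed baseline; in practice
# learned from historical logs or taken from the third-party access agreement).
BASELINE = {
    "alice": {"fileserver-01"},
    "bob": {"fileserver-01"},
    "vendor-svc": {"erp-01"},
}

WINDOW = timedelta(minutes=10)
# Maximum number of distinct *new* destination hosts tolerated per window.
# Third-party (vendor) accounts get a tighter limit, matching the advice to
# lock down third-party access.
THRESHOLDS = {"default": 3, "vendor": 1}


def is_vendor_account(account):
    """Assumed naming convention for third-party accounts."""
    return account.startswith("vendor-")


def parse_log(text):
    """Parse log text into (timestamp, account, src_host, dst_host) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, account, src, dst = line.split()
        events.append((datetime.fromisoformat(ts), account, src, dst))
    return events


def detect_fan_out(events, baseline=BASELINE, window=WINDOW, thresholds=THRESHOLDS):
    """Return alerts as (account, window_start, sorted list of new hosts).

    A sliding window per account counts distinct destination hosts that are
    not in that account's baseline; exceeding the threshold raises an alert.
    """
    by_account = defaultdict(list)
    for ts, account, src, dst in sorted(events):
        by_account[account].append((ts, dst))

    alerts = []
    for account, seq in by_account.items():
        limit = thresholds["vendor"] if is_vendor_account(account) else thresholds["default"]
        known = set(baseline.get(account, set()))
        start = 0
        for i, (ts, dst) in enumerate(seq):
            # Slide the window start forward so it covers only the last `window`.
            while seq[start][0] < ts - window:
                start += 1
            new_hosts = {d for _, d in seq[start:i + 1] if d not in known}
            if len(new_hosts) > limit:
                alerts.append((account, seq[start][0], sorted(new_hosts)))
                break  # one alert per account is enough for triage
    return alerts


def run_sample():
    """Run the detector over the constructed sample log."""
    return detect_fan_out(parse_log(SAMPLE_LOG))


if __name__ == "__main__":
    for account, started, hosts in run_sample():
        print(f"ALERT {account}: {len(hosts)} new hosts since {started}: {hosts}")
```

On the constructed log, `alice` and `bob` stay inside their baseline and produce nothing, while `vendor-svc` reaches two hosts outside its baseline within seconds and is flagged on the second one. The same structure applies to Windows type-3 logons, SSH auth logs or SMB session events once the parser is adapted; the useful properties are the per-account baseline and the stricter limit for third-party identities.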
Tags: supply chain attacks, backdoors, malware, cyber espionage, phishing

