Iranian Hackers Use DEEPROOT and TWOSTROKE Malware in Aerospace and Defense Attacks
19.11.2025

UNC1549 uses phishing, third-party breaches, and custom backdoors to infiltrate aerospace, telecom, and defense networks.
🚨 Iranian Hackers Deploy DEEPROOT & TWOSTROKE Malware in High-Stakes Attacks
UNC1549, an Iran-linked threat actor, is actively targeting the aerospace, telecom, and defense sectors through phishing, breaches of third-party suppliers, and custom backdoors.

Their toolkit includes DEEPROOT and TWOSTROKE, custom-built backdoors designed to evade detection and maintain persistent access. Purpose-built tooling of this kind is characteristic of state-level espionage rather than commodity cybercrime.
The group leverages compromised third-party vendors and supply chain weak points to get inside target networks. Once in, they move laterally, exfiltrating sensitive data and establishing long-term footholds.
- Actor: UNC1549 (Iran-linked)
- Targets: Aerospace, Telecom, Defense
- Techniques: Phishing, Third-party breaches, Custom backdoors
- Malware: DEEPROOT, TWOSTROKE
- Objective: Cyber espionage, data theft, persistent access
Security teams are urged to lock down third-party access (least privilege, scoped accounts, time-limited sessions), monitor for unusual lateral movement, and rely on endpoint detection that keys on behaviour rather than known signatures, since custom backdoors such as these will not match commodity malware signatures. This is a clear reminder: your supply chain is your attack surface.
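As an added illustration of the "lock down third-party access and monitor for lateral movement" advice above (example code written for this article, not tooling from the report or from any vendor), the script below runs two checks over authentication logs: whether a vendor account reaches hosts outside its approved scope, and whether any account fans out to many distinct hosts within a short window. The log format, the account names, the allow-list, and the sample lines are all constructed assumptions; map the parser onto your own VPN or domain-controller logs.

```python
"""First-pass detection of third-party accounts moving laterally.

Two checks, both over simple authentication events:
  1. out_of_scope: a vendor account touched a host not on its allow-list.
  2. fan_out: an account reached >= N distinct hosts inside a time window.
Log format and data below are CONSTRUCTED for this example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real data). Assumed line format:
#   <ISO-8601 UTC timestamp> <user> <source_host> -> <dest_host> <result>
SAMPLE_LOG = """\
2025-11-18T09:01:10Z vendor_acme ws-acme-01 -> jump-01 success
2025-11-18T09:02:40Z vendor_acme jump-01 -> cad-srv-07 success
2025-11-18T09:03:05Z vendor_acme jump-01 -> dc-01 success
2025-11-18T09:03:30Z vendor_acme jump-01 -> fileshare-02 success
2025-11-18T09:04:00Z vendor_acme jump-01 -> hr-db-01 failure
2025-11-18T09:10:00Z alice ws-alice -> mail-01 success
2025-11-18T10:00:00Z vendor_tel ws-tel-03 -> pbx-01 success
"""

# Assumed allow-list: which hosts each third-party account may reach.
VENDOR_SCOPE = {
    "vendor_acme": {"jump-01", "cad-srv-07"},
    "vendor_tel": {"pbx-01"},
}
FANOUT_WINDOW = timedelta(minutes=5)   # assumed tuning values
FANOUT_THRESHOLD = 3


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not fit."""
    parts = line.split()
    if len(parts) != 6 or parts[3] != "->":
        return None
    ts, user, src, _, dest, result = parts
    try:
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    return {"ts": when, "user": user, "src": src, "dest": dest, "result": result}


def parse_log(text):
    """Parse a whole log, silently skipping malformed lines."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def out_of_scope(events, scope=VENDOR_SCOPE):
    """Events where a vendor account targets a host outside its allow-list.

    Failed attempts are included: a vendor account probing hosts it cannot
    reach is exactly the signal worth seeing.
    """
    return [e for e in events
            if e["user"] in scope and e["dest"] not in scope[e["user"]]]


def fan_out(events, window=FANOUT_WINDOW, threshold=FANOUT_THRESHOLD):
    """Accounts that reached >= threshold distinct hosts within any window.

    Returns {user: max_distinct_hosts_in_window} for flagged accounts only.
    """
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)
    flagged = {}
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["ts"])
        best = 0
        for i, start in enumerate(evs):      # sliding window anchored at each event
            hosts = {e["dest"] for e in evs[i:] if e["ts"] - start["ts"] <= window}
            best = max(best, len(hosts))
        if best >= threshold:
            flagged[user] = best
    return flagged


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for e in out_of_scope(evs):
        print(f"OUT-OF-SCOPE {e['ts']:%H:%M:%S} {e['user']} -> {e['dest']} ({e['result']})")
    for user, n in fan_out(evs).items():
        print(f"FAN-OUT      {user} reached {n} distinct hosts within {FANOUT_WINDOW}")
```

On the constructed data, `vendor_acme` is flagged by both checks: three of its targets (dc-01, fileshare-02, hr-db-01) are outside its allow-list, and it touched five distinct hosts in under five minutes, while `alice` and `vendor_tel` stay quiet. In practice the allow-list should come from the access that was actually contracted for, and the fan-out threshold should be tuned against a baseline of normal vendor sessions before alerting on it.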
#supply-chain-attacks #backdoors #malware #cyber-espionage #phishing
Got a topic? Write to ATLA WIRE on Telegram: t.me/atla_community

