WTB: US State Governments Receive Malware-Laden CDs From China Via Snail Mail

August 1, 2018 | Anomali Labs

The intelligence in this week’s iteration discuss the following threats: APT34, Hide n Seek Botnet, LeafMiner, Macro Enabled Malspam, Phishing, and QUADAGENT. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity.

Observed Threats

This section includes the top threats observed from the Anomali Community user base as well as sensors deployed by Anomali Labs. A ThreatStream account is required to view this section. Click here to request a trial. 


The Advanced Persistent Threat (APT) group “APT34” is believed to be an Iranian-based group that has been active since at least 2014. APT34 conducts cyber espionage operations focused on reconnaissance that benefits Iranian nation-state interests. The group works on behalf of the Iranian government. APT34 use a mix of public and non-public tools. There is a possibility that APT34 may be related to the Iranian “Chafer” threat group outlined by Symantec in 2015 due to a shared server.
Anomali Labs
About the Author

Anomali Labs

Get the latest threat intelligence news in your email.