APT-C-44 is a cyber threat group that has been active since at least 2017.
It is believed to be associated with the Iranian government and has targeted organizations in the Middle East, Europe, and North America.
Attack methods
Spearphishing emails with malicious attachments or links to deliver malware or steal credentials
Web shells and backdoors to gain persistent access to compromised networks and systems
Custom and publicly available tools to perform reconnaissance, lateral movement, data exfiltration, and other malicious activities
DNS tunneling and HTTPS for command and control communication
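One way a defender can hunt for the DNS-tunneling command-and-control pattern listed above, as an added example that is not from the original page: it groups DNS query records by registered domain and flags domains that receive many distinct, long, high-entropy subdomains, which is the trace left when encoded data is carried in DNS labels. The log format, the domain names and the thresholds are constructed assumptions, not indicators from any real campaign.

```python
import math
from collections import Counter, defaultdict

# Constructed sample of DNS query records ("client qname qtype"); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 www.example.com A
10.0.0.5 mail.example.com A
10.0.0.7 kj3h2xq9pv7m4bzt.t.lookup-svc.test TXT
10.0.0.7 r8yd5wn2ce6uvq1a.t.lookup-svc.test TXT
10.0.0.7 mz4tp9hb3kx7sfgw.t.lookup-svc.test TXT
10.0.0.7 e2v6ny8qd4jc5ubr.t.lookup-svc.test TXT
10.0.0.7 p7wk3az9xm2hfgs6.t.lookup-svc.test TXT
10.0.0.9 cdn.example.com A
"""

def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for the empty string)."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0

def split_name(qname: str):
    """Return (subdomain, registered_domain). Assumes the registered domain is the
    last two labels; production code would consult the public suffix list instead."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def find_tunneling_candidates(log_text, min_unique=5, min_entropy=3.0, min_len=12):
    """Group queries by registered domain and flag domains whose distinct subdomains
    are numerous, long and high-entropy. Thresholds are illustrative assumptions;
    tune them against a baseline of your own resolver logs."""
    subs = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        sub, domain = split_name(parts[1])
        if sub:
            subs[domain].add(sub)
    flagged = {}
    for domain, names in subs.items():
        if len(names) < min_unique:
            continue
        plain = [n.replace(".", "") for n in names]  # entropy over the label text only
        mean_len = sum(len(p) for p in plain) / len(plain)
        mean_ent = sum(shannon_entropy(p) for p in plain) / len(plain)
        if mean_len >= min_len and mean_ent >= min_entropy:
            flagged[domain] = {"unique": len(names), "mean_len": round(mean_len, 1),
                               "mean_entropy": round(mean_ent, 2)}
    return flagged
```

Legitimate CDN and SaaS domains also generate many unique subdomains, so treat a hit as a lead for triage (query rate, TXT/NULL record ratio, client count) rather than a verdict.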
History
In 2017, APT-C-44 was linked to a campaign that targeted a Saudi Arabian organization and a US-based university with custom malware called Tonedeaf.
In 2018, APT-C-44 was implicated in a campaign that targeted government entities and private companies in Lebanon and the United Arab Emirates with malware called DNSpionage.
In 2019, APT-C-44 was exposed by a hacker group called Lab Dookhtegan, which leaked some of its tools, infrastructure, and operations on Telegram and other platforms.
In 2020, APT-C-44 was observed using new malware called PowGoop to download and execute additional payloads on compromised systems.