Iranian threat actor APT 34 targeted Jordanian officials with the novel backdoor Saitama, which abuses the Domain Name System (DNS) protocol for command-and-control communications. Masquerading as the Government of Jordan, APT 34 sent other officials in the Jordanian government an email via Microsoft Outlook carrying a malicious Excel document that contained the Saitama backdoor.
- Government officials at Jordan’s foreign ministry
Suspected state sponsor
- Iran (Islamic Republic of)
Type of incident
Victim government reaction