An Iranian-linked threat actor dubbed MalKamak used a remote access Trojan (RAT) known as ShellClient to target aerospace and telecommunication companies. The RAT employed had been in development since at least 2018 and piggybacked off of Dropbox servers.
- Aerospace and telecommunication companies across the United States, Russia, Europe, and the Middle East.
Suspected state sponsor
- Iran (Islamic Republic of)
- Private sector
Victim government reaction