| SYMBOL | COMMON_NAME | aka. SYNONYMS |
BladedFeline is an Iran-aligned APT group that has been active since at least 2017, targeting Iraqi and Kurdish government officials for cyberespionage. The group employs a variety of tools, including the Shahmaran backdoor, Whisper, and PrimeCache, which is a malicious IIS module. BladedFeline utilizes techniques such as spearphishing (T1566), exploiting public-facing applications (T1190), and timestomping to maintain access and exfiltrate data. The group is assessed with medium confidence to be a subgroup of OilRig, focusing on strategic access to high-ranking officials in the region.
There are currently no families associated with this actor.
| 2025-06-05
⋅
ESET Research
⋅
BladedFeline: Whispering in the dark Hawking RDAT Spereal Veaty BladedFeline |