Summary

A threat actor suspected to have ties to Iran, named Dust Specter, has launched a campaign targeting Iraqi government officials. The attackers impersonated Iraq's Ministry of Foreign Affairs to distribute new malware strains, SPLITDROP and GHOSTFORM.

Key Points

• The campaign was observed by Zscaler ThreatLabz in January 2026.
• Dust Specter is the name given to this cluster of malicious activity.
• The attackers used impersonation tactics, posing as Iraq's Ministry of Foreign Affairs.
• Two new malware strains, SPLITDROP and GHOSTFORM, were identified in the attacks.

Analysis

This campaign highlights the ongoing geopolitical tensions and the use of cyber operations as a tool for state-sponsored espionage. The use of novel malware strains such as SPLITDROP and GHOSTFORM suggests a sophisticated threat actor with significant resources. The targeting of government officials underscores the potential for significant information theft and disruption.

Conclusion

IT professionals should be vigilant against phishing and impersonation tactics, particularly those that target government entities. Implementing robust email security measures and educating users on recognizing such threats are crucial steps in mitigating these risks.