{"id":37786,"date":"2020-10-21T16:00:00","date_gmt":"2020-10-21T16:00:00","guid":{"rendered":"https:\/\/www.darkreading.com\/vulnerabilities---threats\/advanced-threats\/iranian-cyberattack-group-deploys-new-powgoop-downloader-against-mideast-targets\/d\/d-id\/1339232"},"modified":"2020-10-21T16:00:00","modified_gmt":"2020-10-21T16:00:00","slug":"iranian-cyberattack-group-deploys-new-powgoop-downloader-against-mideast-targets","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/iranian-cyberattack-group-deploys-new-powgoop-downloader-against-mideast-targets\/","title":{"rendered":"Iranian Cyberattack Group Deploys New PowGoop Downloader Against Mideast Targets"},"content":{"rendered":"<p><span class=\"strong black\">Seedworm Group, aka MuddyWater, is also deploying commodity ransomware as part of espionage attacks on companies and government agencies in the Middle East region.<\/span><\/p>\n<p>An Iranian cyberattack group known as Seedworm \u2014 thought to be linked to Iran&#8217;s government \u2014 has started using new tools, including a custom download utility and commodity ransomware, as part of its attacks on companies and government agencies in the broader Middle East region, according to Broadcom&#8217;s Symantec division.<\/p>\n<p>Seedworm appears to be deploying several variants of a new downloader, known as PowGoop, to more recent targets, Symantec researchers stated in an analysis published. The software downloads and decrypts obfuscated PowerShell scripts to run on compromised systems, using the common utility as a way to execute code. 
In addition, the group is deploying ransomware, known as Thanos, which first appeared for sale earlier this year and appears to be used by Seedworm for its destructive capabilities, the researchers said.<\/p>\n<p>The use of the malicious program does not necessarily indicate a shift to ransomware-based cybercrime for the group, but rather an adoption of a broader variety of tactics for countering defensive measures, says Vikram Thakur, Symantec&#8217;s technical director.&nbsp;<\/p>\n<p>&#8220;Looking at Seedworm&#8217;s history, it is apparent they&#8217;ve been focused on Middle East-based government organizations for years,&#8221; he says. &#8220;We &#8230; don&#8217;t believe that they are directly focused on monetary gain. From our standpoint, the Thanos victim organizations [represent] very few [targets] \u2014 just a handful at the most.&#8221;<\/p>\n<p>The Symantec analysis is part of the security industry&#8217;s attempt to attribute specific tactics, techniques, and procedures (TTPs) to particular adversary groups. While the Thanos ransomware is a commodity program offered for sale in underground forums, the PowGoop backdoor program for downloading scripts is custom software made by the group, Symantec stated in its analysis. The company published more than 30 indicators of compromise in the analysis, about half of which related to PowGoop.&nbsp;<\/p>\n<p>The researchers were only moderately confident, however, in attributing PowGoop to the Iranian state actor.<\/p>\n<p>&#8220;Seedworm has been one of the most active Iran-linked groups in recent months, mounting apparent intelligence-gathering operations across the Middle East,&#8221; Symantec researchers <a href=\"https:\/\/symantec-enterprise-blogs.security.com\/blogs\/threat-intelligence\/seedworm-apt-iran-middle-east\" target=\"_blank\" rel=\"noopener noreferrer\">stated in their analysis<\/a>. 
&#8220;While the connection between PowGoop and Seedworm remains tentative, it may suggest some retooling on Seedworm&#8217;s part. Any organizations who do find evidence of PowGoop on their networks should exercise extreme caution and perform a thorough investigation.&#8221;<\/p>\n<p>PowGoop appears to be part of the Seedworm group&#8217;s development of a suite of custom tools for compromising targets and extending their infiltration into networks. The dynamically linked library is installed by a remote execution tool, known as Remadmin, often posing as a Google update archive. The software decodes PowerShell scripts and then executes them, allowing the attackers to move laterally through a network after the initial compromise.&nbsp;<\/p>\n<p>&#8220;There is nothing sophisticated about PowGoop aside from it being custom-made and that it uses multiple layers of encoded PowerShell scripts to effectively download and execute PS-based payloads,&#8221; Thakur says.<\/p>\n<p>PowGoop has also been detected by other companies. Security firm Palo Alto Networks linked PowGoop to two ransomware attacks on companies in the Middle East and North Africa <a href=\"https:\/\/unit42.paloaltonetworks.com\/thanos-ransomware\/\" target=\"_blank\" rel=\"noopener noreferrer\">in early September<\/a>.<\/p>\n<p>In addition, the company confirmed sightings of the Thanos ransomware detected by threat intelligence firm Recorded Future in February. The developers of the ransomware program advertised it for sale on underground forums, likely meaning the ransomware will be used by multiple groups, the companies stated. 
Palo Alto Networks&#8217; analysis concluded, however, that the ransomware is often used for its destructive capabilities.&nbsp;<\/p>\n<p>&#8220;The interesting part of the overwriting of the MBR [master boot record] in this specific sample is that it does not work correctly, which can be blamed on either a programming error or the custom message included by the actor,&#8221; Palo Alto Networks <a href=\"https:\/\/unit42.paloaltonetworks.com\/thanos-ransomware\/\" target=\"_blank\" rel=\"noopener noreferrer\">stated in its analysis<\/a>. &#8220;We confirmed that after changing this single character, the MBR overwriting functionality works, which results in the following being displayed instead of Windows booting correctly.&#8221;<\/p>\n<p>Changing tool sets and destructive attacks are common tactics to confuse attribution and slow incident response. Such countermeasures have become increasingly common, with 82% of incident response (IR) engagements including counter-IR tactics and 54% utilizing destructive elements to slow response, according to <a href=\"https:\/\/www.carbonblack.com\/press-releases\/vmware-releases-global-incident-response-threat-report-detailing-surge-in-sophisticated-cyberattacks-as-ecrime-groups-grow-more-powerful\/\" target=\"_blank\" rel=\"noopener noreferrer\">a new report by security firm VMware Carbon Black<\/a>. In addition, half of all attacks use custom malware \u2014 in the same way Seedworm uses PowGoop \u2014 the report stated.&nbsp;<\/p>\n<p>While Seedworm does not appear to be involved in attacks on US elections, that remains a concern among incident responders, with Iran, at 19%, the No. 3 most worrisome aggressor, behind Russia (58%) and North Korea (27%).<\/p>\n<p><span class=\"italic\">Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT&#8217;s Technology Review, Popular Science, and Wired News. 
Five awards for journalism, including Best Deadline &#8230; <a href=\"https:\/\/www.darkreading.com\/author-bio.asp?author_id=1161\">View Full Bio<\/a><\/span><\/p>\n<p>Read More <a href=\"https:\/\/www.darkreading.com\/vulnerabilities---threats\/advanced-threats\/iranian-cyberattack-group-deploys-new-powgoop-downloader-against-mideast-targets\/d\/d-id\/1339232?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Seedworm Group, aka MuddyWater, is also deploying commodity ransomware as part of espionage attacks on companies and government agencies in the Middle East region. Read More <a href=\"https:\/\/www.darkreading.com\/vulnerabilities---threats\/advanced-threats\/iranian-cyberattack-group-deploys-new-powgoop-downloader-against-mideast-targets\/d\/d-id\/1339232?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple\">HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-37786","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Iranian Cyberattack Group Deploys New PowGoop Downloader Against Mideast Targets 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/iranian-cyberattack-group-deploys-new-powgoop-downloader-against-mideast-targets\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Iranian Cyberattack Group Deploys New PowGoop Downloader Against Mideast Targets 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/iranian-cyberattack-group-deploys-new-powgoop-downloader-against-mideast-targets\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2020-10-21T16:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/twimgs.com\/nojitter\/darkreading\/dr-logo.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/iranian-cyberattack-group-deploys-new-powgoop-downloader-against-mideast-targets\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/iranian-cyberattack-group-deploys-new-powgoop-downloader-against-mideast-targets\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Iranian Cyberattack Group Deploys New PowGoop Downloader Against Mideast Targets\",\"datePublished\":\"2020-10-21T16:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/iranian-cyberattack-group-deploys-new-powgoop-downloader-against-mideast-targets\\\/\"},\"wordCount\":825,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/iranian-cyberattack-group-deploys-new-powgoop-downloader-against-mideast-targets\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/twimgs.com\\\/nojitter\\\/darkreading\\\/dr-logo.jpg\",\"articleSection\":[\"DarkReading |TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/iranian-cyberattack-group-deploys-new-powgoop-downloader-against-mideast-targets\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/iranian-cyberattack-group-deploys-new-powgoop-downloader-against-mideast-targets\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/iranian-cyberattack-group-deploys-new-powgoop-downloader-against-mideast-targets\\\/\",\"name\":\"Iranian Cyberattack 
Group Deploys New PowGoop Downloader Against Mideast Targets 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/iranian-cyberattack-group-deploys-new-powgoop-downloader-against-mideast-targets\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/iranian-cyberattack-group-deploys-new-powgoop-downloader-against-mideast-targets\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/twimgs.com\\\/nojitter\\\/darkreading\\\/dr-logo.jpg\",\"datePublished\":\"2020-10-21T16:00:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/iranian-cyberattack-group-deploys-new-powgoop-downloader-against-mideast-targets\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/iranian-cyberattack-group-deploys-new-powgoop-downloader-against-mideast-targets\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/iranian-cyberattack-group-deploys-new-powgoop-downloader-against-mideast-targets\\\/#primaryimage\",\"url\":\"https:\\\/\\\/twimgs.com\\\/nojitter\\\/darkreading\\\/dr-logo.jpg\",\"contentUrl\":\"https:\\\/\\\/twimgs.com\\\/nojitter\\\/darkreading\\\/dr-logo.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/iranian-cyberattack-group-deploys-new-powgoop-downloader-against-mideast-targets\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Iranian Cyberattack Group Deploys 
New PowGoop Downloader Against Mideast Targets\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"he
ight\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Iranian Cyberattack Group Deploys New PowGoop Downloader Against Mideast Targets 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/iranian-cyberattack-group-deploys-new-powgoop-downloader-against-mideast-targets\/","og_locale":"en_US","og_type":"article","og_title":"Iranian Cyberattack Group Deploys New PowGoop Downloader Against Mideast Targets 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/iranian-cyberattack-group-deploys-new-powgoop-downloader-against-mideast-targets\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2020-10-21T16:00:00+00:00","og_image":[{"url":"https:\/\/twimgs.com\/nojitter\/darkreading\/dr-logo.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/iranian-cyberattack-group-deploys-new-powgoop-downloader-against-mideast-targets\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/iranian-cyberattack-group-deploys-new-powgoop-downloader-against-mideast-targets\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Iranian Cyberattack Group Deploys New PowGoop Downloader Against Mideast Targets","datePublished":"2020-10-21T16:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/iranian-cyberattack-group-deploys-new-powgoop-downloader-against-mideast-targets\/"},"wordCount":825,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/iranian-cyberattack-group-deploys-new-powgoop-downloader-against-mideast-targets\/#primaryimage"},"thumbnailUrl":"https:\/\/twimgs.com\/nojitter\/darkreading\/dr-logo.jpg","articleSection":["DarkReading 
|TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/iranian-cyberattack-group-deploys-new-powgoop-downloader-against-mideast-targets\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/iranian-cyberattack-group-deploys-new-powgoop-downloader-against-mideast-targets\/","url":"https:\/\/www.threatshub.org\/blog\/iranian-cyberattack-group-deploys-new-powgoop-downloader-against-mideast-targets\/","name":"Iranian Cyberattack Group Deploys New PowGoop Downloader Against Mideast Targets 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/iranian-cyberattack-group-deploys-new-powgoop-downloader-against-mideast-targets\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/iranian-cyberattack-group-deploys-new-powgoop-downloader-against-mideast-targets\/#primaryimage"},"thumbnailUrl":"https:\/\/twimgs.com\/nojitter\/darkreading\/dr-logo.jpg","datePublished":"2020-10-21T16:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/iranian-cyberattack-group-deploys-new-powgoop-downloader-against-mideast-targets\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/iranian-cyberattack-group-deploys-new-powgoop-downloader-against-mideast-targets\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/iranian-cyberattack-group-deploys-new-powgoop-downloader-against-mideast-targets\/#primaryimage","url":"https:\/\/twimgs.com\/nojitter\/darkreading\/dr-logo.jpg","contentUrl":"https:\/\/twimgs.com\/nojitter\/darkreading\/dr-logo.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/iranian-cyberattack-group-deploys-new-powgoop-downloader-against-mideast-targets\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Iranian Cyberattack Group Deploys New PowGoop Downloader Against Mideast Targets"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence 
Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH 
Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/37786","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=37786"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/37786\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=37786"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=37786"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=37786"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}