What about Iran? One Word Document, Three Backdoors cover art

What about Iran? One Word Document, Three Backdoors

What about Iran? One Word Document, Three Backdoors

Listen for free

View show details

Every big nation state has a cyber army: China, Russia, the US, Europe. But what about Iran? Meet Boggy Serpens, a group tied to Iran’s civilian intelligence service whose entire business is breaking in and staying in, then handing the keys to whoever strikes next.
Their playbook, Operation OLALAMPO, needs just one booby-trapped Word document to plant three separate backdoors on your network.

  • A Telegram-bot command channel that hides inside everyday encrypted chat traffic, a Rust “Ghost” backdoor built to defeat analysis, and a legitimate AnyDesk install quietly turned against you.
  • The layered defense for every stage: email and file controls, behavioral EDR, egress policy, threat intel, and Zero Trust segmentation.
  • The twist: why this operation mostly failed, plus the tells that the malware was partly written with AI.

Filmed live at the ON2IT SOC, host Lieuwe Jan Koning runs a red team vs blue team session with analysts Yuri Wit, the “proxy Iranian” attacker, and Rob Maas on defense. Watch the full episode to see each move, and the exact control that stops it.

🔗 Episode resources, transcript and show notes: https://threat-talks.com 🎙️ Subscribe to the podcast on Spotify, Apple Podcasts, or your podcast app of choice.

Threat Talks is a podcast by ON2IT cybersecurity and AMS-IX. We delve deep into the dynamic world of cybersecurity, one episode at a time. New episode every Tuesday.

Chapters (paste into YouTube description)

00:00 Every nation state has a cyber army: what about Iran?
00:21 Meet the guests: Yuri (red team) and Rob (blue team)
01:17 Boggy Serpens and Operation OLALAMPO: Iran's access brokers
04:20 Infection via Office macros, and the social-engineering layer
07:18 You opened the document: three payloads
08:06 Backdoor 1: Telegram-bot command and control
12:55 Backdoor 2: the Rust "Ghost" backdoor, and why it's so hard to analyze
16:03 Backdoor 3: legitimate AnyDesk, pre-loaded for the attacker
17:59 Zero Trust and network segmentation
18:59 Did it work? AI tells, and staying vigilant

adbl_web_anon_alc_button_suppression_t1
No reviews yet