TA402 Uses Complex IronWind Infection Chains to Target Middle East-Based Government Entities

TA402 has recently employed a new initial access downloader called IronWind, using various infection chains and delivery methods such as Dropbox links, XLL and RAR file attachments, in order to evade detection.