Iranian threat actors, specifically the Dust Specter group, have launched a targeted phishing campaign against Iraqi government officials, leveraging emails that masquerade as communications from the Iraqi Ministry of Foreign Affairs. This campaign delivers multiple new malware families, including SPLITDROP, TWINTASK, TWINTALK, and GHOSTFORM, through complex infection chains. Zscaler ThreatLabz researchers have linked Dust Specter to this activity, which was first observed in January 2026 [1]. The use of these previously unseen malware families suggests a high degree of sophistication and adaptability among the attackers. The targeting of government officials with such tailored attacks indicates a geopolitical motivation, shifting the threat model from traditional cybercrime to state-aligned activity. This distinction is crucial, as it demands a different response strategy from defenders. The involvement of Iranian threat actors in this campaign underscores the need for practitioners to reassess their threat models and prepare for the unique challenges posed by state-sponsored attacks.
Iran-nexus APT Dust Specter targets Iraq officials with new malware
⚡ High Priority
Why This Matters
State-aligned activity involving Iran shifts the threat model from criminal to geopolitical — different playbook required.
References
- SecurityAffairs. (2026, March 6). Iran-nexus APT Dust Specter targets Iraq officials with new malware. *SecurityAffairs*. https://securityaffairs.com/189033/apt/iran-nexus-apt-dust-specter-targets-iraq-officials-with-new-malware.html
Original Source
SecurityAffairs