Dust Specter Conducts Malware Campaign Targeting Iraq

In January 2026, Zscaler ThreatLabz reported activity by a suspected Iran-nexus threat actor tracked as Dust Specter targeting Iraqi government officials by impersonating Iraq’s Ministry of Foreign Affairs. ThreatLabz discovered previously undocumented malware families—SPLITDROP, TWINTASK, TWINTALK, and GHOSTFORM—and detailed two attack chains, randomized C2 URIs, geofencing, User-Agent checks, and generative-AI fingerprints. The campaign hosted payloads on compromised Iraq government infrastructure, indicating targeted espionage risk.