Dust Specter Conducts Malware Campaign Targeting Iraq

In January 2026, Zscaler ThreatLabz reported activity by a suspected Iran-nexus threat actor tracked as Dust Specter targeting Iraqi government officials by impersonating Iraq’s Ministry of Foreign Affairs. ThreatLabz discovered previously undocumented malware families—SPLITDROP, TWINTASK, TWINTALK, and GHOSTFORM—and detailed two attack chains, randomized C2 URIs, geofencing, User-Agent checks, and generative-AI fingerprints. The campaign hosted payloads on compromised Iraq government infrastructure, indicating targeted espionage risk.
Key Points
- Identified four novel malware families: SPLITDROP, TWINTASK, TWINTALK, and GHOSTFORM
- Used Iraq government infrastructure and MFA impersonation to distribute payloads, indicating targeted political espionage
- Employs advanced evasion, randomized C2 URIs, geofencing, User-Agent checks, and generative-AI-coded artifacts
Scoring Rationale
High novelty and actionable technical detail, but limited geographic scope and only moderate AI relevance reduce broader industry impact.

