Security researchers from the American-Israeli cybersecurity firm Check Point Software Technologies Ltd. revealed in March that they had uncovered evidence of digital intrusions targeting Iraqi government agencies. The attacks, they allege, were carried out by the hacking group APT34 — alternatively known as OilRig, Helix Kitten, or MuddyWater — with long-standing ties to Iran’s Ministry of Intelligence and Security (MOIS).
The operation against the Iraqi government reportedly commenced no later than March 2024, with cybersecurity analysts discovering three distinct custom-built backdoors — Veaty, Spearal, and a third unnamed tool used for Secure Shell (SSH) tunneling — uploaded to VirusTotal. The malicious executables employed deceptive double extensions to masquerade as harmless document files, a tactic strongly indicating phishing emails as the primary attack vector.
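A mail-gateway check for the double-extension lure described above, added here as an illustration and not taken from the Check Point report; the extension lists and attachment names are constructed, and the check is slightly broader than the page's wording in that it flags any executable outer extension hiding a non-executable inner one, not only document types.

```python
"""Flag attachment names that hide an executable behind a second extension.

Added example (not from the report). A name such as 'memo.pdf.exe' shows
'.pdf' to the user, but only the outermost '.exe' decides what runs.
EXECUTABLE_EXTS and the sample names are constructed assumptions.
"""
import os
from typing import List, Optional

# Outer extensions Windows will execute directly (assumed, not exhaustive)
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".ps1",
                   ".vbs", ".js", ".msi", ".pif", ".hta"}


def split_extensions(filename: str) -> List[str]:
    """Return every extension in the name, lowercased, outermost last."""
    base = os.path.basename(filename)
    parts = base.split(".")
    # 'report.pdf.exe' -> ['.pdf', '.exe']; empty parts from '..' are dropped
    return ["." + p.lower() for p in parts[1:] if p]


def deceptive_double_extension(filename: str) -> Optional[str]:
    """Return the masked (inner) extension when the file ends in an executable
    extension but presents a non-executable one before it, else None."""
    exts = split_extensions(filename)
    if len(exts) < 2 or exts[-1] not in EXECUTABLE_EXTS:
        return None
    inner = exts[-2]
    # 'tool.exe.exe' is odd but not a masquerade of a harmless file type
    return None if inner in EXECUTABLE_EXTS else inner


def triage_attachments(names: List[str]) -> List[str]:
    """Return the attachment names a gateway should quarantine for review."""
    return [n for n in names if deceptive_double_extension(n) is not None]


# Constructed sample attachment names (not from the report)
SAMPLE_ATTACHMENTS = [
    "budget_2024.pdf",
    "ministry_memo.pdf.exe",
    "Agenda.DOCX.scr",
    "photo.jpg.exe",
    "notes.txt",
    "archive.tar.gz",
]

if __name__ == "__main__":
    for name in triage_attachments(SAMPLE_ATTACHMENTS):
        print("quarantine:", name, "masquerading as", deceptive_double_extension(name))
```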
Recent intelligence suggests these cyber operations have persisted into 2025, with a parallel APT34 cell simultaneously targeting Yemeni entities. Check Point analysts interpret this pattern as evidence of Iran applying the principle of “keeping friends close while keeping enemies even closer” through cyber espionage against its immediate neighbors such as Iraq and Yemen.
However, given that these nations maintain close bilateral relations — rooted in shared religious, political, and economic ties — the allegations made by the American-Israeli firm appear to be a transparent effort to drive a wedge between Iran and its regional partners in the Middle East.
With Middle Eastern tensions reaching new heights, such claims may well be part of a broader pressure strategy against Iran orchestrated by its geopolitical adversaries — Israel and the U.S. — spearheaded by the Trump administration.