TAMECAT: APT42's New PowerShell Backdoor Targeting Military and Government Officials
Article Summary: The Iranian APT42 group is conducting espionage attacks against high-ranking military and government officials using the TAMECAT PowerShell backdoor. This malware features fileless execution, in-memory operation, and Telegram-based C2 channels for covert data exfiltration. This article dissects the attack chain involving VBScript phishing delivery and multi-layer encryption loading, and recommends enterprise EDR deployment, enhanced scripting policies, and security awareness tra