Earth Simnavaz (aka APT34) Levies Advanced Cyberattacks Against Middle East

October 22, 2024 at 09:22AM Trend Micro reports that the cyber espionage group Earth Simnavaz (APT34/OilRig) has intensified its attacks on Middle Eastern infrastructure, particularly in the energy sector. They exploit Microsoft Exchange vulnerabilities and utilize sophisticated tools like PowerShell scripts to evade detection, seeking persistent access to compromised networks for espionage.

Iran’s APT34 Abuses MS Exchange to Spy on Gulf Gov’ts

October 17, 2024 at 02:08AM APT34, an Iranian threat group, has intensified its espionage targeting Gulf-state entities, especially in the UAE. Utilizing sophisticated techniques, including malware like StealHook and exploiting Windows vulnerabilities, APT34 effectively exfiltrates sensitive data. Their methods risk broader attacks via compromised networks, exploiting inter-agency trust within government organizations.

Iranian hackers now exploit Windows flaw to elevate privileges

October 13, 2024 at 11:39AM Iranian hacking group APT34, also known as OilRig, has intensified attacks on UAE government and critical infrastructure, utilizing a new backdoor to exploit Microsoft Exchange servers and a Windows vulnerability (CVE-2024-30088). Trend Micro indicates links to another Iran-based group, FOX Kitten, raising concerns over potential ransomware threats.

OilRig Exploits Windows Kernel Flaw in Espionage Campaign Targeting UAE and Gulf

October 13, 2024 at 06:54AM OilRig, an Iranian cyber threat actor, has exploited a patched Windows Kernel vulnerability (CVE-2024-30088) in a cyber espionage campaign targeting the U.A.E. and Gulf region. Using sophisticated tactics, including a backdoor named STEALHOOK, they siphon credentials via Microsoft Exchange servers, aiming to maintain persistent access to compromised networks.

Earth Simnavaz (aka APT34) Levies Advanced Cyberattacks Against UAE and Gulf Regions

October 11, 2024 at 02:07PM Trend Micro has been tracking Earth Simnavaz (APT34/OilRig), a cyber espionage group targeting UAE government entities. Their sophisticated methods include utilizing backdoors, exploiting vulnerabilities, and employing RMM tools like ngrok for data exfiltration. Recent activities indicate a focus on critical infrastructure vulnerabilities to advance espionage goals in the region.

Earth Simnavaz Levies Advanced Cyberattacks Against UAE and Gulf Regions

October 11, 2024 at 03:51AM Trend Micro reports on Earth Simnavaz (APT34), a cyber espionage group targeting UAE government entities, using sophisticated tactics like backdoor malware exploiting CVE-2024-30088. The group steals credentials via Microsoft Exchange servers, employing tools to evade detection. Their activities emphasize threats to critical infrastructure amidst geopolitical tensions in the Gulf region.

Iranian Cyber Group OilRig Targets Iraqi Government in Sophisticated Malware Attack

September 12, 2024 at 07:18AM Iranian state-sponsored threat actor OilRig targeted Iraqi government networks in a sophisticated cyber attack. The group, also known as APT34, employed a range of custom backdoors and a new set of malware families in the campaign. The attacks involved unique command-and-control mechanisms and aimed to execute PowerShell commands and harvest …

Iranian ‘Seedworm’ Cyber Spies Target African Telcos & ISPs

December 20, 2023 at 12:33PM Iran-backed cyberespionage group, Seedworm, is targeting telecommunication organizations in North and East Africa, using tools like PowerShell, SimpleHelp, and Venom Proxy. Seedworm has been active since 2017 and previously linked to Iran’s MOIS. This group typically relies on spear-phishing emails containing various legitimate remote administration tools. Seedworm’s targets include government …

Iranian Hackers Lurked for 8 Months in Government Network

October 20, 2023 at 09:24AM Symantec’s cybersecurity unit, Broadcom, has reported that the Iran-linked hacking group Crambus spent eight months infiltrating a Middle Eastern government’s compromised network. Crambus, also known as APT34 and MuddyWater, conducted espionage operations on behalf of the Iranian government. The attackers deployed various malware, including a PowerShell backdoor called PowerExchange, and …

Iranian hackers lurked in Middle Eastern govt network for 8 months

October 19, 2023 at 12:45PM Iranian hacking group MuddyWater, also known as APT34 or OilRig, breached a Middle Eastern government network and maintained access for eight months. They used a PowerShell backdoor called PowerExchange to steal passwords and data, and blend in with typical network traffic. They also utilized other tools such as Backdoor.Tokel, Trojan.Dirps, …