Earth Simnavaz (aka APT34) Levies Advanced Cyberattacks Against Middle East

October 22, 2024 at 09:22AM
Trend Micro reports that the cyber espionage group Earth Simnavaz (APT34/OilRig) has intensified its attacks on Middle Eastern infrastructure, particularly in the energy sector. They exploit Microsoft Exchange vulnerabilities and utilize sophisticated tools like PowerShell scripts to evade detection, seeking persistent access to compromised networks for espionage.

Iranian Cyberspies Exploiting Recent Windows Kernel Vulnerability

October 14, 2024 at 09:15AM
Iran-linked APT OilRig has escalated its cyber activities targeting the United Arab Emirates and the Gulf region, exploiting recent vulnerabilities in the Windows kernel, according to a report by SecurityWeek.

Iranian hackers now exploit Windows flaw to elevate privileges

October 13, 2024 at 11:39AM
Iranian hacking group APT34, also known as OilRig, has intensified attacks on UAE government and critical infrastructure, utilizing a new backdoor to exploit Microsoft Exchange servers and a Windows vulnerability (CVE-2024-30088). Trend Micro indicates links to another Iran-based group, FOX Kitten, raising concerns over potential ransomware threats.

OilRig Exploits Windows Kernel Flaw in Espionage Campaign Targeting UAE and Gulf

October 13, 2024 at 06:54AM
OilRig, an Iranian cyber threat actor, has exploited a patched Windows Kernel vulnerability (CVE-2024-30088) in a cyber espionage campaign targeting the U.A.E. and Gulf region. Using sophisticated tactics, including a backdoor named STEALHOOK, they siphon credentials via Microsoft Exchange servers, aiming to maintain persistent access to compromised networks.

Earth Simnavaz (aka APT34) Levies Advanced Cyberattacks Against UAE and Gulf Regions

October 11, 2024 at 02:07PM
Trend Micro has been tracking Earth Simnavaz (APT34/OilRig), a cyber espionage group targeting UAE government entities. Their sophisticated methods include utilizing backdoors, exploiting vulnerabilities, and employing RMM tools like ngrok for data exfiltration. Recent activities indicate a focus on critical infrastructure vulnerabilities to advance espionage goals in the region.

Earth Simnavaz Levies Advanced Cyberattacks Against UAE and Gulf Regions

October 11, 2024 at 03:51AM
Trend Micro reports on Earth Simnavaz (APT34), a cyber espionage group targeting UAE government entities, using sophisticated tactics like backdoor malware exploiting CVE-2024-30088. The group steals credentials via Microsoft Exchange servers, employing tools to evade detection. Their activities emphasize threats to critical infrastructure amidst geopolitical tensions in the Gulf region.

Iranian Cyber Group OilRig Targets Iraqi Government in Sophisticated Malware Attack

September 12, 2024 at 07:18AM
Iranian state-sponsored threat actor OilRig targeted Iraqi government networks in a sophisticated cyber attack. The group, also known as APT34, employed a range of custom backdoors and a new set of malware families in the campaign. The attacks involved unique command-and-control mechanisms and aimed to execute PowerShell commands and harvest …

Iran-Linked ‘OilRig’ Cyberattackers Target Israel’s Critical Infrastructure, Over & Over

December 14, 2023 at 11:28AM
Iranian APT group OilRig has targeted Israeli organizations in 2022 through cyberattacks leveraging custom downloaders. These downloaders, using legitimate Microsoft cloud services, facilitated command-and-control communications and data exfiltration. ESET researchers warned that OilRig’s continuous development of new variants makes them a formidable threat, specializing in cyber espionage primarily in the …

Iranian State-Sponsored OilRig Group Deploys 3 New Malware Downloaders

December 14, 2023 at 08:00AM
OilRig, an Iranian cyber espionage group, has deployed three new downloader malware named ODAgent, OilCheck, and OilBooster to maintain access to victim organizations in Israel. These lightweight downloaders use legitimate cloud service APIs for command-and-control communication, aiming to blend with authentic network traffic. The targets include healthcare, manufacturing, and governmental …

Iranian Cyber Spies Use ‘LionTail’ Malware in Latest Attacks

November 1, 2023 at 10:23AM
Researchers at Check Point warn that an Iranian espionage group known as Scarred Manticore has been using a new malware framework called LionTail in recent cyberattacks. The group, linked to the OilRig threat actor, has been active since 2019 and targets high-profile organizations in the Middle East. LionTail allows attackers …