Iran-Linked ‘OilRig’ Cyberattackers Target Israel’s Critical Infrastructure, Over & Over

December 14, 2023 at 11:28AM Iranian APT group OilRig targeted Israeli organizations throughout 2022 in cyberattacks that relied on custom downloaders. These downloaders used legitimate Microsoft cloud services for command-and-control communications and data exfiltration, letting the traffic blend in with normal use of those services. ESET researchers warned that OilRig’s continuous development of new variants makes the group a formidable threat, specializing in cyber espionage primarily in the … Read more

Iranian State-Sponsored OilRig Group Deploys 3 New Malware Downloaders

December 14, 2023 at 08:00AM OilRig, an Iranian cyber espionage group, has deployed three new malware downloaders, named ODAgent, OilCheck, and OilBooster, to maintain access to victim organizations in Israel. These lightweight downloaders use legitimate cloud service APIs for command-and-control communication, aiming to blend in with authentic network traffic. The targets include healthcare, manufacturing, and governmental … Read more

Iranian Cyber Spies Use ‘LionTail’ Malware in Latest Attacks

November 1, 2023 at 10:23AM Researchers at Check Point warn that an Iranian espionage group known as Scarred Manticore has been using a new malware framework called LionTail in recent cyberattacks. The group, linked to the OilRig threat actor, has been active since 2019 and targets high-profile organizations in the Middle East. LionTail allows attackers … Read more

Iranian Cyber Espionage Group Targets Financial and Government Sectors in Middle East

November 1, 2023 at 07:48AM A cyber espionage campaign has been targeting financial, government, military, and telecommunications sectors in the Middle East for at least a year. The threat actor, known as Scarred Manticore, is affiliated with Iran’s Ministry of Intelligence and Security. The campaign shows overlaps with other Iranian groups and uses a previously … Read more

Iranian hackers lurked in Middle Eastern govt network for 8 months

October 19, 2023 at 12:45PM An Iranian hacking group, named in coverage as MuddyWater and as APT34 or OilRig (these are separate Iranian threat clusters rather than aliases of a single group), breached a Middle Eastern government network and maintained access for eight months. The attackers used a PowerShell backdoor called PowerExchange to steal passwords and data while blending in with typical network traffic. They also used other tools such as Backdoor.Tokel, Trojan.Dirps, … Read more

Iran-Linked ‘MuddyWater’ Spies on Mideast Gov’t for 8 Months

October 19, 2023 at 10:35AM An Iranian state-aligned APT known as MuddyWater has conducted a spying campaign on an unnamed Middle Eastern government for eight months. Symantec, which tracks the group, identified daily efforts to steal sensitive government data using custom malware tools. The campaign, which went undetected, involved accessing various computers on the network … Read more