OilRig Exploits Windows Kernel Flaw in Espionage Campaign Targeting UAE and Gulf

The Iranian threat actor known as OilRig has been observed exploiting a now-patched privilege escalation flaw impacting the Windows Kernel as part of a cyber espionage campaign targeting the U.A.E. and the broader Gulf region. "The group utilizes sophisticated tactics that include deploying a...

Iranian Cyber Group OilRig Targets Iraqi Government in Sophisticated Malware Attack

Iraqi government networks have emerged as the target of an "elaborate" cyber attack campaign orchestrated by an Iran state-sponsored threat actor called OilRig. The attacks singled out Iraqi organizations such as the Prime Minister's Office and the Ministry of Foreign Affairs, cybersecurity compa...

PT-2024-4172

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to the fixed version Description The issue is related to an elevation-of-privilege vulnerability in the Windows Kernel, which allows attackers to gain SYSTEM-level control. This vulnerability has been exploited...

Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications

Threat actors have been increasingly weaponizing Microsoft Graph API for malicious purposes with the aim of evading detection. This is done to "facilitate communications with command-and-control C&C infrastructure hosted on Microsoft cloud services," the Symantec Threat Hunter Team, part of...

OilRig Group Unleashes Three New Malware Strains

Summary: The Iranian state-sponsored threat actor, commonly referred to as OilRig, implemented three distinct downloader malware variants throughout the year 2022. The primary objective was to sustain persistent access to targeted organizations located in Israel. OilRig demonstrated active...

Iranian State-Sponsored OilRig Group Deploys 3 New Malware Downloaders

The Iranian state-sponsored threat actor known as OilRig deployed three different downloader malware throughout 2022 to maintain persistent access to victim organizations located in Israel. The three new downloaders have been named ODAgent, OilCheck, and OilBooster by Slovak cybersecurity company...

Iran's MuddyWater Targets Israel in New Spear-Phishing Cyber Campaign

The Iranian nation-state actor known as MuddyWater has been linked to a new spear-phishing campaign targeting two Israeli entities to ultimately deploy a legitimate remote administration tool from N-able called Advanced Monitoring Agent. Cybersecurity firm Deep Instinct, which disclosed details o...

Iranian Cyber Espionage Group Targets Financial and Government Sectors in Middle East

A threat actor affiliated with Iran's Ministry of Intelligence and Security MOIS has been observed waging a sophisticated cyber espionage campaign targeting financial, government, military, and telecommunications sectors in the Middle East for at least a year. Israeli cybersecurity firm Check...

Prolonged Pursuit of OilRig APT Targeting Middle East Government

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Iran-affiliated threat actor known as OilRig orchestrated a sophisticated eight-month campaign directed at the Middle East government, during which the attackers managed to steal sensitive files and...

Iran-Linked OilRig Targets Middle East Governments in 8-Month Cyber Campaign

The Iran-linked OilRig threat actor targeted an unnamed Middle East government between February and September 2023 as part of an eight-month-long campaign. The attack led to the theft of files and passwords and, in one instance, resulted in the deployment of a PowerShell backdoor called...

Iranian APT Group OilRig Using New Menorah Malware for Covert Operations

Sophisticated cyber actors backed by Iran known as OilRig have been linked to a spear-phishing campaign that infects victims with a new strain of malware called Menorah. "The malware was designed for cyberespionage, capable of identifying the machine, reading and uploading files from the machine,...

Iranian Nation-State Actor OilRig Targets Israeli Organizations

Israeli organizations were targeted as part of two different campaigns orchestrated by the Iranian nation-state actor known as OilRig in 2021 and 2022. The campaigns, dubbed Outer Space and Juicy Mix, entailed the use of two previously undocumented first-stage backdoors called Solar and Mango,...

New PowerExchange Backdoor Used in Iranian Cyber Attack on UAE Government

An unnamed government entity associated with the United Arab Emirates U.A.E. was targeted by a likely Iranian threat actor to breach the victim's Microsoft Exchange Server with a "simple yet effective" backdoor dubbed PowerExchange. According to a new report from Fortinet FortiGuard Labs, the...

Operation ChattyGoblin: Hackers Targeting Gambling Firms via Chat Apps

A gambling company in the Philippines was the target of a China-aligned threat actor as part of a campaign that has been ongoing since October 2021. Slovak cybersecurity firm ESET is tracking the series of attacks against Southeast Asian gambling companies under the name Operation ChattyGoblin...

APT trends report Q1 2023

For more than five years, the Global Research and Analysis Team GReAT at Kaspersky has been publishing quarterly summaries of advanced persistent threat APT activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have publishe...

Actors, Threats and Vulnerabilities 6 February to 12 February 2023

For a detailed threat digest, download the pdf file here Summary For a detailed threat digest, download the pdf file here Hive Pro identified three active actors over the past week. The first, OilRig, is a well-known threat actor known for its information theft and espionage activities. The secon...

Iranian OilRig Group Strikes with AutoHotkey Keylogger and Malicious Macro

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary In a recent intrusion, a threat actor utilized AutoHotkey to launch a keylogger. The Iranian OilRig group is suspected to be the culprit behind this attack. The initial compromise was initiated with a...

Iranian OilRig Hackers Using New Backdoor to Exfiltrate Data from Govt. Organizations

The Iranian nation-state hacking group known as OilRig has continued to target government organizations in the Middle East as part of a cyber espionage campaign that leverages a new backdoor to exfiltrate data. "The campaign abuses legitimate but compromised email accounts to send stolen data to...

Iranian OilRig Hackers Using New Backdoor to Exfiltrate Data from Govt. Organizations

The Iranian nation-state hacking group known as OilRig has continued to target government organizations in the Middle East as part of a cyber espionage campaign that leverages a new backdoor to exfiltrate data. "The campaign abuses legitimate but compromised email accounts to send stolen data to...

Iranian Hackers Spotted Using a new DNS Hijacking Malware in Recent Attacks

The Iranian state-sponsored threat actor tracked under the moniker Lyceum has turned to using a new custom .NET-based backdoor in recent campaigns directed against the Middle East. "The new malware is a .NET based DNS Backdoor which is a customized version of the open source tool 'DIG.net,'"...