Jump to content
  • Iranian APT Group OilRig Using New Menorah Malware for Covert Operations

    aum

    • 430 views
    • 2 minutes
     Share


    • 430 views
    • 2 minutes

    Sophisticated cyber actors backed by Iran known as OilRig have been linked to a spear-phishing campaign that infects victims with a new strain of malware called Menorah.

     

    "The malware was designed for cyberespionage, capable of identifying the machine, reading and uploading files from the machine, and downloading another file or malware," Trend Micro researchers Mohamed Fahmy and Mahmoud Zohdy said in a Friday report.

     

    The victimology of the attacks is not immediately known, although the use of decoys indicates at least one of the targets is an organization located in Saudi Arabia.

     

    Also tracked under the names APT34, Cobalt Gypsy, Hazel Sandstorm, and Helix Kitten, OilRig is an Iranian advanced persistent threat (APT) group that specializes in covert intelligence gathering operations to infiltrate and maintain access within targeted networks.

     

    The revelation builds on recent findings from NSFOCUS, which uncovered an OilRig phishing attack resulting in the deployment of a new variant of SideTwist malware, indicating that it's under continuous development.

     

    In the latest infection chain documented by Trend Micro, the lure document is used to create a scheduled task for persistence and drop an executable ("Menorah.exe") that, for its part, establishes contact with a remote server to await further instructions. The command-and-control server is currently inactive.

     

    The .NET malware, an improved version of the original C-based SideTwist implant discovered by Check Point in 2021, is armed with various features to fingerprint the targeted host, list directories and files, upload selected files from the compromised system, execute shell commands, and download files to the system.

     

    "The group consistently develops and enhances tools, aiming to reduce security solutions and researchers' detection," the researchers said.

     

    "Typical of APT groups, APT34 demonstrates their vast resources and varied skills, and will likely persist in customizing routines and social engineering techniques to use per targeted organization to ensure success in intrusions, stealth, and cyber espionage."

     

    Source


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...