Well-known Middle Eastern hacking group keeps updating its arsenal

A highly active hacking group known for targeting Middle Eastern governments is updating its tools. OilRig, a hacking group that has been linked by researchers to Iran, has been observed using an updated version of the BONDUPDATER malware to target a Middle Eastern government in spearphishing attacks, according to new research from the U.S. cybersecurity firm Palo Alto Networks. Researchers offered up a spearphishing message sent to an official from an unspecified government. The email came with a malicious document containing a new version of the BONDUPDATER Trojan. The new version opens up new options for the malware to communicate with command-and-control servers and thereby new ways for the hackers to carry out attacks against targets. In particular, this update “tunnels” through the Domain Name System (DNS), letting the malware and the hacker communicate through TXT records, a record type of the DNS system that computers use to more easily find one another over the internet. “This […]

The post Well-known Middle Eastern hacking group keeps updating its arsenal appeared first on Cyberscoop.

OilRig Launching Attack Campaigns With Updated BONDUPDATER Trojan

The OilRig group conducted at least one attack campaign containing an updated variant of the BONDUPDATER trojan as its final payload. In August 2018, Palo Alto Networks’ Unit 42 threat research team detected an OilRig campaign targeting a high-ra…

A well-known hacking group is getting better at evading detection

A well-known hacking group remains highly active with new incursions against Middle Eastern governments, according to a new report from U.S. cybersecurity firm Palo Alto Networks. Additionally, the group is employing evasion techniques meant to cut down on the risk of detection. The new report focuses on OopsIE, a trojan first tracked earlier this year, being used in spear phishing attacks against a highly targeted Middle Eastern government agency. The trojan is being used by OilRig, a group that has been linked to Iran. “The OopsIE variant delivered in this attack begins its execution by performing a series of anti-VM and sandbox checks,” the researchers wrote. “If any of the checks … are successful, the Trojan will exit without running any of its functional code. These evasion techniques are meant to thwart automated analysis in an effort to avoid detection.” The checks OopsIE runs include ones on vitals like […]

The post A well-known hacking group is getting better at evading detection appeared first on Cyberscoop.

Another well-known hacking group using leaked NSA hacking tools

A familiar hacking group is using leaked NSA hacking tools and other cyberweapons in an increasingly active and ambitious strategy against its targets, according to a new report from Symantec. The group, known as “Chafer,” successfully compromised one of the biggest telecom firms in the Middle East last year in an attack that may have set up surveillance across the region. Chafer is linked to a group called OilRig, a highly active Iranian hacking group that has shared command-and-control infrastructure and infection vectors with Chafer. The group may have been active as early as 2011. Chafer was first spotted in 2015 targeting mostly telecoms and airlines in the Middle East, as well as at least one business in the United States. “We have seen a shift compared to where they were three years ago,” said Symantec Technical Director Vikram Thakur. “They used to attack a majority of targets within the country of Iran. […]

The post Another well-known hacking group using leaked NSA hacking tools appeared first on Cyberscoop.

This country’s hacking efforts have become too big to ignore

While hackers linked to China, North Korea and Russia have dominated headlines over the past year, similar groups in Iran have caused significant damage while drawing far less attention. Multiple cyber-espionage groups attributed to Iran became increasingly active over the last 12 months, as at least four entities with ties to the regime have broken into a wide array of organizations, according to private sector cybersecurity experts and three former U.S. intelligence officials with knowledge of regional activity. “For the first time in my career, I’m not convinced we’re responding more to Russia or China,” FireEye CEO Kevin Mandia said in a report published by the company on Thursday. “It feels to me that the majority of the actors we’re responding to right now are hosted in Iran, and they are state-sponsored.” This surge in digital espionage — which has predominantly come in the form of spearphishing emails, strategic web compromises and breached social […]

The post This country’s hacking efforts have become too big to ignore appeared first on Cyberscoop.

APT Group Uses Catfish Technique To Ensnare Victims

The APT group Cobalt Gypsy, also known as OilRig, used a fake persona called “Mia Ash” to ensnare tech-savvy workers in the oil and gas industry into downloading PupyRAT malware.

Iran-linked hackers used Microsoft Word flaw against Israeli targets, security firm says

Hackers allegedly linked to the Iranian government launched a digital espionage operation this month against more than 250 different Israel-based targets by using a recently disclosed and widely exploited Microsoft Word vulnerability, cybersecurity experts tell CyberScoop. The hacking group, dubbed OilRig by security researchers and believed to be tied to Iranian intelligence services, utilized a software flaw in Word officially known as CVE-2017-0199 that allows attackers to execute a remote computer intrusion to take full control of a target device while leaving little or no trace, said Michael Gorelik, vice president of Israeli security firm Morphisec. Over the last month, Morphisec has investigated the incident on behalf of multiple victims. Clients showed forensic evidence on their respective networks that could be linked back to OilRig. After its disclosure in March, CVE-2017-0199 was quickly exploited by nation-states and cybercriminals alike. OilRig has been around since at least 2015, according to numerous security industry experts who have […]

The post Iran-linked hackers used Microsoft Word flaw against Israeli targets, security firm says appeared first on Cyberscoop.