Addressing Cybersecurity Threats from Iran

Threats in the cybersecurity sphere keep escalating, and governments are often the main targets. OilRig, a group linked to Iran, is one actor worth noting.

OilRig is believed to have led an eight-month cyber operation against a Middle East government. This operation ran from February to September 2023.

A thorough report by the Symantec Threat Hunter Team indicates the devastating effects of this protracted and disruptive operation.

The cyber attack resulted in stolen files and compromised passwords, and it also saw the alarming deployment of a powerful tool named PowerExchange.

This potent PowerShell backdoor is well-known in the world of cyber intrusion.

PowerExchange was first discovered by Fortinet FortiGuard Labs and was first used in a cyber attack linked to the United Arab Emirates.

PowerExchange logs into a Microsoft Exchange Server using hardcoded credentials, which gives the attacker wide latitude to perform harmful acts.

It also masks its actions by moving the messages that carry its commands to the Deleted Items folder.
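A backdoor that authenticates to Exchange with fixed credentials and then sweeps its command messages into Deleted Items leaves a pattern a defender can hunt for: bursts of MoveToDeletedItems operations on one mailbox from a client string that is not a normal mail client. The script below is an added example, not code from the page, Symantec or Fortinet. The event records are constructed, and their field names are an assumption for this example; only the operation name MoveToDeletedItems mirrors Exchange mailbox audit logging.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs). The field names are an assumption
# made for this example; the operation name MoveToDeletedItems mirrors Exchange
# mailbox audit logging, but the record layout itself is simplified.
SAMPLE_EVENTS = [
    # Burst of moves against one mailbox by an unfamiliar client string.
    {"mailbox": "svc-reports@example.test", "operation": "MoveToDeletedItems",
     "client": "Client=WebServices;unknown-agent/1.0", "src_ip": "203.0.113.7",
     "ts": "2023-03-01T02:00:05Z"},
    {"mailbox": "svc-reports@example.test", "operation": "MoveToDeletedItems",
     "client": "Client=WebServices;unknown-agent/1.0", "src_ip": "203.0.113.7",
     "ts": "2023-03-01T02:01:10Z"},
    {"mailbox": "svc-reports@example.test", "operation": "MoveToDeletedItems",
     "client": "Client=WebServices;unknown-agent/1.0", "src_ip": "203.0.113.7",
     "ts": "2023-03-01T02:03:40Z"},
    {"mailbox": "svc-reports@example.test", "operation": "MoveToDeletedItems",
     "client": "Client=WebServices;unknown-agent/1.0", "src_ip": "203.0.113.7",
     "ts": "2023-03-01T02:05:02Z"},
    # A person tidying an inbox from Outlook on the web: many moves, known client.
    *[{"mailbox": "alice@example.test", "operation": "MoveToDeletedItems",
       "client": "Client=OWA;Action=ViaProxy", "src_ip": "198.51.100.20",
       "ts": f"2023-03-01T09:1{i}:00Z"} for i in range(5)],
    # A single move from an unfamiliar client: below the burst threshold.
    {"mailbox": "bob@example.test", "operation": "MoveToDeletedItems",
     "client": "Client=WebServices;unknown-agent/1.0", "src_ip": "203.0.113.9",
     "ts": "2023-03-01T11:30:00Z"},
    # An unrelated operation on the suspicious mailbox; ignored by this rule.
    {"mailbox": "svc-reports@example.test", "operation": "SendAs",
     "client": "Client=WebServices;unknown-agent/1.0", "src_ip": "203.0.113.7",
     "ts": "2023-03-01T02:06:00Z"},
]

# Client strings treated as ordinary interactive or mobile mail clients.
KNOWN_CLIENT_PREFIXES = ("Client=OWA", "Client=Outlook", "Client=MSExchangeRPC",
                         "Client=ActiveSync")


def parse_ts(value):
    """Parse the ISO-8601 UTC timestamps used in the sample records."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def find_suspicious(events, window=timedelta(minutes=10), min_moves=3,
                    known_clients=KNOWN_CLIENT_PREFIXES):
    """Flag (mailbox, client, source IP) triples that move at least `min_moves`
    messages to Deleted Items within `window` using a client string that is not
    on the allow-list. Returns one finding per triple."""
    by_actor = defaultdict(list)
    for event in events:
        if event["operation"] != "MoveToDeletedItems":
            continue
        if event["client"].startswith(known_clients):
            continue  # ordinary client; a burst here is most likely a human tidying up
        key = (event["mailbox"], event["client"], event["src_ip"])
        by_actor[key].append(parse_ts(event["ts"]))

    findings = []
    for (mailbox, client, src_ip), stamps in by_actor.items():
        stamps.sort()
        # Sliding window: count moves that fall within `window` of each start point.
        for i, start in enumerate(stamps):
            j = i
            while j < len(stamps) and stamps[j] - start <= window:
                j += 1
            if j - i >= min_moves:
                findings.append({
                    "mailbox": mailbox,
                    "client": client,
                    "src_ip": src_ip,
                    "moves_in_window": j - i,
                    "window_start": start.isoformat(),
                })
                break  # one finding per actor is enough for triage
    return findings


if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_EVENTS):
        print(finding)
```

The allow-list is deliberately narrow: a burst of moves from a known client is usually a person cleaning up, while the same burst from an unfamiliar client string against a service mailbox is worth a look. Thresholds are tuning knobs, and the rule is a triage aid rather than proof of compromise.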

Symantec named the OilRig operation “Crambus.” It used PowerExchange and three previously unknown pieces of malware to compromise a number of computers.

Symantec also discovered that a similar number of computers were backdoored and infected with keyloggers. Access was apparently gained through email phishing by a highly skilled espionage group.

The operation carried on until September 9, 2023, demonstrating a deep understanding of deception and manipulation.

The same group, tracked as APT34 (also known as OilRig or Helix Kitten), also launched a tool called “Menorah”.

This new addition to their arsenal was used in a phishing campaign; it helps identify target machines and handles file interactions on them.

Trend Micro reports indicate that APT34 consistently focuses on acquiring sensitive intelligence.

In view of these developments, there’s an immediate need for hardened cybersecurity measures.

Organizations must update their defenses regularly and remain informed about changing attacker tactics.

Regularly consulting the latest bulletins for updates and indicators of compromise will strengthen protection against meticulously planned operations.

The cyber battlespace is, after all, an arena of constant change.


October 19, 2023