Iranian group OilRig is attacking the Iraqi government using new types of malware

12 September 2024 | Author: Newsman

OilRig, an Iran-linked group, has launched a sophisticated attack on Iraqi government networks using new malware to steal data and control systems via fake emails.

OilRig, also known as APT34 or Crambus, has carried out a series of attacks on Iraqi government institutions, including the Prime Minister's Office and the Ministry of Foreign Affairs. The attacks delivered malicious files disguised as harmless documents to launch two new malware families, Veaty and Spearal. Both can execute PowerShell commands, collect sensitive files and transfer them to attacker-controlled servers. The attackers' primary command-and-control channel is compromised email accounts belonging to the victim organizations.

OilRig has been active since 2014 and focuses on the Middle East. The group regularly uses phishing campaigns to deliver custom backdoors, including Karkoff, PowerExchange and others. This campaign shows how the threat continues to evolve, with new malware families and command-and-control mechanisms such as DNS tunneling and email-based channels.
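The report names DNS tunneling as one of the group's command-and-control mechanisms. The script below is an added example, not code from the article or from any analysis of Veaty or Spearal: it runs a simple tunneling heuristic (many unique subdomains under one apex, long first labels, high per-label entropy) over a few constructed resolver log lines. The log lines, the client addresses and the domains `c2-placeholder.example` and `cdn-placeholder.net` are all constructed placeholders, not indicators from the campaign.

```python
"""Heuristic DNS-tunneling detector run over constructed DNS query logs.

Added example (not from the page). It illustrates what a defender looks for
in resolver logs when a report mentions DNS tunneling as a C2 channel.
"""
import math
from collections import defaultdict
from typing import Dict, List

# Constructed sample log lines: "<timestamp> <client IP> <query name> <query type>".
# The hex-label queries under c2-placeholder.example mimic encoded tunnel traffic;
# the other two domains mimic ordinary browsing. None of these are real indicators.
SAMPLE_DNS_LOG = """\
2024-09-12T09:00:01Z 10.1.1.20 www.example.com A
2024-09-12T09:00:02Z 10.1.1.20 mail.example.com A
2024-09-12T09:00:03Z 10.1.1.20 intranet.example.com A
2024-09-12T09:00:04Z 10.1.1.31 6a3f9c1e0b7d4e2a9f8c1d3b5e7a9c2f.c2-placeholder.example TXT
2024-09-12T09:00:05Z 10.1.1.31 1b2c3d4e5f60718293a4b5c6d7e8f9a0.c2-placeholder.example TXT
2024-09-12T09:00:06Z 10.1.1.31 00112233445566778899aabbccddeeff.c2-placeholder.example TXT
2024-09-12T09:00:07Z 10.1.1.31 deadbeefcafef00d0123456789abcdef.c2-placeholder.example TXT
2024-09-12T09:00:08Z 10.1.1.42 static.cdn-placeholder.net A
2024-09-12T09:00:09Z 10.1.1.42 images.cdn-placeholder.net A
2024-09-12T09:00:10Z 10.1.1.42 fonts.cdn-placeholder.net A
"""


def shannon_entropy(text: str) -> float:
    """Bits of entropy per character; random hex/base32 labels score high."""
    if not text:
        return 0.0
    counts: Dict[str, int] = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def parse_log(log_text: str) -> List[dict]:
    """Parse the four-column log format; malformed lines are skipped, not fatal."""
    records = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, client, qname, qtype = parts
        records.append({"ts": ts, "client": client,
                        "qname": qname.rstrip(".").lower(), "qtype": qtype})
    return records


def registered_domain(qname: str) -> str:
    """Naive 'last two labels' apex; production code would use the Public Suffix List."""
    labels = qname.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else qname


def find_tunnel_candidates(records: List[dict], min_unique: int = 3,
                           min_label_len: int = 20, min_entropy: float = 3.0) -> Dict[str, dict]:
    """Flag apex domains whose subdomain labels look like encoded payloads.

    All three conditions must hold, which keeps ordinary CDN hostnames (short,
    dictionary-like labels) and low-volume one-off lookups out of the result.
    """
    per_domain: Dict[str, List[str]] = defaultdict(list)
    for r in records:
        apex = registered_domain(r["qname"])
        if r["qname"] == apex:
            continue  # bare apex lookup carries no subdomain data
        per_domain[apex].append(r["qname"][: -len(apex) - 1])

    flagged: Dict[str, dict] = {}
    for apex, subs in per_domain.items():
        unique = set(subs)
        first_labels = [s.split(".")[0] for s in unique]
        avg_len = sum(len(lbl) for lbl in first_labels) / len(first_labels)
        avg_ent = sum(shannon_entropy(lbl) for lbl in first_labels) / len(first_labels)
        if len(unique) >= min_unique and avg_len >= min_label_len and avg_ent >= min_entropy:
            flagged[apex] = {"unique_subdomains": len(unique),
                             "avg_label_len": round(avg_len, 1),
                             "avg_entropy": round(avg_ent, 2)}
    return flagged


if __name__ == "__main__":
    for apex, stats in find_tunnel_candidates(parse_log(SAMPLE_DNS_LOG)).items():
        print(f"possible DNS tunnel: {apex} {stats}")
```

The thresholds are starting points, not tuned values; in a real deployment they should be set against a baseline of the organization's own resolver traffic, and the apex grouping should use the Public Suffix List so that `co.uk`-style suffixes are not mistaken for registered domains.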

The OilRig attack on Iraq demonstrates the ongoing threat from Iranian cyber groups. These groups keep refining their methods, including new command-and-control channels, which means government agencies must keep improving their cyber security.
