#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

OilRig | Breaking Cybersecurity News | The Hacker News

Iranian State-Sponsored OilRig Group Deploys 3 New Malware Downloaders

Iranian State-Sponsored OilRig Group Deploys 3 New Malware Downloaders

Dec 14, 2023 Malware / Cyber Espionage
The Iranian state-sponsored threat actor known as  OilRig  deployed three different downloader malware throughout 2022 to maintain persistent access to victim organizations located in Israel. The three new downloaders have been named ODAgent, OilCheck, and OilBooster by Slovak cybersecurity company ESET. The attacks also involved the use of an updated version of a known OilRig downloader dubbed  SampleCheck5000  (or SC5k). "These lightweight downloaders [...] are notable for using one of several legitimate cloud service APIs for [command-and-control] communication and data exfiltration: the Microsoft Graph OneDrive or Outlook APIs, and the Microsoft Office Exchange Web Services (EWS) API," security researchers Zuzana Hromcová and Adam Burgher  said  in a report shared with The Hacker News. By using well-known cloud service providers for command-and-control communication, the goal is to blend with authentic network traffic and cover up the group's attack infrastructure
Iran-Linked OilRig Targets Middle East Governments in 8-Month Cyber Campaign

Iran-Linked OilRig Targets Middle East Governments in 8-Month Cyber Campaign

Oct 19, 2023 Cyber Attack / Cyber Espionage
The Iran-linked  OilRig threat actor  targeted an unnamed Middle East government between February and September 2023 as part of an eight-month-long campaign. The attack led to the theft of files and passwords and, in one instance, resulted in the deployment of a PowerShell backdoor called PowerExchange, the Symantec Threat Hunter Team, part of Broadcom,  said  in a report shared with The Hacker News. The cybersecurity firm is tracking the activity under the name  Crambus , noting that the adversary used the implant to "monitor incoming mails sent from an Exchange Server in  order to execute commands sent by the attackers in the form of emails, and surreptitiously forwarded results to the attackers." Malicious activity is said to have been detected on no less than 12 computers, with backdoors and keyloggers installed on a dozen other machines, indicating a broad compromise of the target. The use of PowerExchange was  first highlighted  by Fortinet FortiGuard Labs in May
How Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities

How Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities

Feb 15, 2024SaaS Security / Risk Management
With many of the highly publicized 2023 cyber attacks revolving around one or more SaaS applications, SaaS has become a cause for genuine concern in many boardroom discussions. More so than ever, considering that GenAI applications are, in fact, SaaS applications. Wing Security (Wing), a SaaS security company, conducted an analysis of 493 SaaS-using companies in Q4 of 2023.  Their study reveals  how companies use SaaS today, and the wide variety of threats that result from that usage. This unique analysis provides rare and important insights into the breadth and depth of SaaS-related risks, but also provides practical tips to mitigate them and ensure SaaS can be widely used without compromising security posture.  The TL;DR Version Of SaaS Security 2023 brought some now infamous examples of malicious players leveraging or directly targeting SaaS, including the North Korean group UNC4899, 0ktapus ransomware group, and Russian Midnight Blizzard APT, which targeted well-known organizat
Iranian APT Group OilRig Using New Menorah Malware for Covert Operations

Iranian APT Group OilRig Using New Menorah Malware for Covert Operations

Sep 30, 2023 Cyber Espionage / Malware
Sophisticated cyber actors backed by Iran known as  OilRig  have been linked to a spear-phishing campaign that infects victims with a new strain of malware called Menorah. "The malware was designed for cyberespionage, capable of identifying the machine, reading and uploading files from the machine, and downloading another file or malware," Trend Micro researchers Mohamed Fahmy and Mahmoud Zohdy  said  in a Friday report. The victimology of the attacks is not immediately known, although the use of decoys indicates at least one of the targets is an organization located in Saudi Arabia. Also tracked under the names APT34, Cobalt Gypsy, Hazel Sandstorm, and Helix Kitten,  OilRig  is an Iranian advanced persistent threat (APT) group that specializes in covert intelligence gathering operations to infiltrate and maintain access within targeted networks. The revelation builds on  recent findings  from NSFOCUS, which uncovered an OilRig phishing attack resulting in the deploymen
cyber security

Are You Vulnerable to Third-Party Breaches Through Interconnected SaaS Apps?

websiteWing SecuritySaaS Security / Risk Management
Protect against cascading risks by identifying and mitigating app2app and third-party SaaS vulnerabilities.
Iranian OilRig Hackers Using New Backdoor to Exfiltrate Data from Govt. Organizations

Iranian OilRig Hackers Using New Backdoor to Exfiltrate Data from Govt. Organizations

Feb 03, 2023 Cyber Espionage / Cyber Threat
The Iranian nation-state hacking group known as  OilRig  has continued to target government organizations in the Middle East as part of a cyber espionage campaign that leverages a new backdoor to exfiltrate data. "The campaign abuses legitimate but compromised email accounts to send stolen data to external mail accounts controlled by the attackers," Trend Micro researchers Mohamed Fahmy, Sherif Magdy, and Mahmoud Zohdy  said . While the technique in itself is not unheard of, the development marks the first time OilRig has adopted it in its playbook, indicating the continued evolution of its methods to bypass security protections. The advanced persistent threat (APT) group, also referred to as APT34, Cobalt Gypsy, Europium, and Helix Kitten, has been  documented  for its targeted phishing attacks in the Middle East since at least 2014. Linked to Iran's Ministry of Intelligence and Security (MOIS), the group is known to use a diverse toolset in its operations, with re
Cybersecurity Resources