Iranian Hackers Use Backdoor to Spy on Middle Eastern Governments

Trend Micro security researchers report that the Iranian APT group OilRig (also tracked as APT34, Cobalt Gypsy, Europium and Helix Kitten) continues to attack government organizations in the Middle East.

The campaign uses the victims' own legitimate email accounts to send stolen data to external email accounts controlled by the attackers.

The data is sent by a .NET-based backdoor that drops four malicious files.

In the next step, the attackers use the DLL file to obtain information on, and access to, domain users and local profiles.

The external email addresses used by the attackers to receive the stolen data:

https://www.trendmicro.com/en_us/research/23/b/new-apt34-malware-targets-the-middle-east.html
