What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
PaloAlto.webp 2017-07-27 12:00:20 OilRig uses ISMDoor variant; Possibly Linked to Greenbug Threat Group (direct link) New research from Unit 42: OilRig uses ISMDoor variant; possibly linked to Greenbug threat group. APT 34
PaloAlto.webp 2017-04-27 20:00:32 OilRig Actors Provide a Glimpse into Development and Testing Efforts (direct link) Unit 42 researches the techniques used by attackers to avoid antivirus detection and successfully deliver OilRig campaign attacks. APT 34
DarkReading.webp 2017-04-27 14:10:00 Iranian Hackers Believed Behind Massive Attacks on Israeli Targets (direct link) OilRig aka Helix Kitten nation-state group leveraged Microsoft zero-day bug in targeted attacks. APT 34
DarkReading.webp 2017-03-21 10:00:00 Report: 'OilRig' Attacks Expanding Across Industries, Geographies (direct link) The highly-effective malware targets Middle Eastern airlines, government, financial industries and critical infrastructures with a simple but powerful backdoor created by infected Excel files attached to phishing emails. APT 34
SecurityWeek.webp 2017-01-06 14:49:11 Iranian Group Delivers Malware via Fake Oxford University Sites (direct link) An Iran-linked advanced persistent threat (APT) group dubbed OilRig has used a fake Juniper Networks VPN portal and fake University of Oxford websites to deliver malware to victims. APT 34
PaloAlto.webp 2016-10-08 11:00:23 Palo Alto Networks News of the Week – October 8, 2016 (direct link) Did you miss any of this week's Palo Alto Networks action? Don't worry, we've rounded up the top news right here. Unit 42 shared new research about EITest, a long-running campaign that uses exploit kits to distribute a variety of malware. Unit 42 also investigated recent OilRig malware campaign activity and shared details about their updated toolset and new targets. We released solutions for the Random track, the last track of Unit 42's LabyREnth Capture the Flag challenge. Navneet Singh shared 5 steps for preventing data breaches due to insider … APT 34
SC_Mag.webp 2016-10-05 18:17:24 Oil 'slick': Sneaky OilRig malware campaign flows into new territory (direct link) A backdoor malware campaign dubbed OilRig that in May was discovered targeting organizations in Saudi Arabia is now trying to drill into government entities in Turkey, Israel and the U.S., as well as Qatari companies and organizations. APT 34
PaloAlto.webp 2016-10-04 20:10:16 OilRig Malware Campaign Updates Toolset and Expands Targets (direct link) Since our first published analysis of the OilRig campaign in May 2016, we have continued to monitor this group for new activity. In recent weeks we’ve discovered that the group have been actively updating their Clayslide delivery documents, as well as the Helminth backdoor used against victims. Additionally, the scope of organizations targeted by this group has expanded to not only include organizations within Saudi Arabia, but also a company in Qatar and government organizations in Turkey, Israel and the United States. Expanded Targeting The group behind the OilRig … APT 34
PaloAlto.webp 2016-05-26 21:05:54 The OilRig Campaign: Attacks on Saudi Arabian Organizations Deliver Helminth Backdoor (direct link) In May 2016, Unit 42 observed targeted attacks primarily focused on financial institutions and technology organizations within Saudi Arabia. Artifacts identified within the malware samples related to these attacks also suggest the targeting of the… APT 34 ★★★
Mandiant.webp 2016-05-22 08:01:01 Targeted Attacks against Banks in the Middle East (direct link) UPDATE (Dec. 8, 2017): We now attribute this campaign to APT34, a suspected Iranian cyber espionage threat group that we believe has been active since at least 2014. Learn more about APT34 and their late 2017 targeting of a government organization in the Middle East. Introduction In the first week of May 2016, FireEye's DTI identified a wave of emails containing malicious attachments being sent to multiple banks in the Middle East region. The threat actors appear to be performing initial reconnaissance against would-be targets, and the attacks caught our attention since they were using Threat APT 34 ★★★
Last update at: 2024-05-20 21:08:54