FlagThis

References :

• ciso2ciso.com: OilRig Exploits Windows Kernel Flaw in Espionage Campaign Targeting UAE and Gulf – Source:thehackernews.com
• social.skynetcloud.site: OilRig Exploits Windows Kernel Flaw in Espionage Campaign Targeting UAE and Gulf – Source:thehackernews.com
• infosec.exchange: The Iranian state-sponsored hacking group APT34, aka OilRig, has recently escalated its activities with new campaigns targeting government and critical infrastructure entities in the United Arab Emirates and the Gulf region.
• thehackernews.com: OilRig Exploits Windows Kernel Flaw in Espionage Campaign Targeting UAE and Gulf
• www.bleepingcomputer.com: The Iranian state-sponsored hacking group APT34, aka OilRig, has recently escalated its activities with new campaigns targeting government and critical infrastructure entities in the United Arab Emirates and the Gulf region.
• CSO Online: Iranian hackers use Windows holes to attack critical Gulf and Emirates systems
• malware.news: After injecting PowerShell commands in a vulnerable web server, OilRig proceeds to leverage CVE-2024-30088 to facilitate password filter DLL registration for plaintext credential capturing, 'ngrok' utility installation for covert communications, and the targeting of Microsoft Exchange servers with the novel 'StealHook' backdoor.
• www.scworld.com: High-severity Windows vulnerability leveraged in new OilRig APT attacks
• ciso2ciso.com: Earth Simnavaz (aka APT34) Attack Detection: Iranian Hackers Leverage Windows Kernel Vulnerability to Target UAE and Gulf Region
• Threats | CyberScoop: Iranian hackers are going after critical infrastructure sector passwords, agencies caution
• Alerts: CISA - Iranian Cyber Actors Targeting Critical Infrastructure Organizations Using Brute Force
• social.skynetcloud.site: CISA, FBI, NSA, and International Partners Release Advisory on Iranian Cyber Actors Targeting Critical Infrastructure Organizations Using Brute Force
• www.cisa.gov: CISA, FBI, NSA, and International Partners Release Advisory on Iranian Cyber Actors Targeting Critical Infrastructure Organizations Using Brute Force
• infosec.exchange: NSA, in collaboration with FBI, CISA, CSE Canada, AFP and ASD’s ACSC, has released an advisory report on Iranian cyber actors’ use of brute force and other techniques to compromise organizations across multiple critical infrastructure sectors.
• securityonline.info: FBI, CISA, NSA warn of Iranian cyberattacks on critical infrastructure
• industrialcyber.co: Iranian hackers use brute force, credential access activity to target critical infrastructure organizations
• malware.news: Malware News article on the Iranian brute force attacks.
• www.scworld.com: SC World article about the Iranian brute force attacks.
• ciso2ciso.com: Iranian Hackers Using Brute Force on Critical Infrastructure – Source: www.govinfosecurity.com
• social.skynetcloud.site: Iranian Hackers Using Brute Force on Critical Infrastructure – Source: www.govinfosecurity.com
• infosec.exchange: Iranian hackers use brute force, credential access activity to target critical infrastructure organizations
• securityaffairs.com: U.S. and allies warn of attacks from Iran-linked actors targeting critical infrastructure through brute-force attacks in a year-long campaign.

Classification:

• HashTags: #Espionage #CriticalInfrastructure #Cybersecurity
• Company: Trend Micro
• Target: Critical Infrastructure and Enterprises
• Attacker: OilRig (Earth Simnavaz, APT34)
• Product: Microsoft Exchange
• Feature: Privilege Escalation
• Type: Espionage
• Severity: High