National Cyber Warfare Foundation (NCWF)

OilRig


2024-06-18 15:21:32
blscott


MITRE:  G0049

OilRig is a suspected Iranian threat group that has targeted Middle Eastern and international victims since at least 2014. The group has targeted a variety of sectors, including financial, government, energy, chemical, and telecommunications. It appears the group carries out supply chain attacks, leveraging the trust relationship between organizations to attack their primary targets. The group works on behalf of the Iranian government based on infrastructure details that contain references to Iran, use of Iranian infrastructure, and targeting that aligns with nation-state interests.


OilRig is an advanced persistent threat (APT) group that has been active since at least 2015, targeting government agencies and organizations in various countries including Saudi Arabia, Iran, Qatar, Kuwait, Oman, Bahrain, Yemen, Iraq, the United States, Canada, Brazil, Mexico, Germany, Austria, Switzerland, Italy, Spain, Belgium, France, Portugal, Greece, Turkey, Russia, and China. The group is believed to be linked to Iranian intelligence agencies, but its exact affiliation remains unclear. OilRig has been known for conducting cyber espionage operations against their targets using various techniques such as spear-phishing emails, watering hole attacks, and exploiting vulnerabilities in software applications. The group is also believed to have ties with other APT groups like APT34 (OilRig) and APT10 (MenuPass

Techniques, tactics and practices:

The group is believed to have used various techniques such as spear-phishing emails, watering hole attacks, and exploiting vulnerabilities in software applications. They also use custom malware and tools that are not widely available on the internet. Additionally, they utilize social engineering tactics like impersonating legitimate organizations or individuals to gain access to their targets' systems. OilRig is known for conducting cyber espionage operations against government agencies and organizations in various countries including Saudi Arabia, Iran, Qatar, Kuwait, Oman, Bahrain, Yemen, Iraq, the United States, Canada, Brazil, Mexico, Germany, Austria, Switzerland, Italy, Spain, Belgium, France, Portugal, Greece, Turkey, Russia, and China.







Primary Names
APT42


a.k.a
Evasive Serpens
Greenbug
Twisted Kitten
Clayslide
ATK40
Helix Kitten
APT34
47204403-34c9-4d25-a006-296a0939d1a2
CHRYSENE
IRN2
TA452
Helminth
ITG13
G0049
Crambus
COBALT GYPSY
Hazel Sandstorm
EUROPIUM
 






