The Iran-Linked cyberespionage group OilRig has been using a new Trojan in attacks aimed at targets in the Middle East. Experts from Palo Alto Networks spotted a new campaign launched by the notorious APT group against an organization within the government of the United Arab Emirates (UAE). The hacker group is an Iran-linked APT that has been around since at least 2015. Cyber Crypter V2 RocketA Cyber Security Platform, built for MSPs servicing SMBs The RocketCyber platform accelerates sales of security services through your white-labeled cloud console, cyber monitoring reports, and security alerts delivered to your PSA. Top 100 Best Hacking Tools that makes you a Real Hacker Hello People! Today I am gonna Tell you about Hacking Tools which are very powerful and dangerous.I think today I am gonna make your day.If you like this post please make a comment.I will be very glad!. * Silent Assassin v2.0 * Net Scan Tools v4.2 * Rocket v1.0 * NStealth HTTP Security Scanner v5.8. 16>Turkojan Crypter Free 90% [UD]. 42> Ardamax Keylogger VERSION 2.85 Ardamax Keylogger - invisible keystroke recorder with remote installation. Ardamax Keylogger is a keystroke recorder that captures user's activity and saves it to an. Oct 6, 2018 - SeaMonkey — Continuation of the Mozilla Internet Suite. Rocket.Chat Desktop — Desktop application for Rocket.Chat. Based on the. GPG-Crypter — Graphical front-end to GnuPG(GPG) using the GTK3 toolkit and GPGME library.|| asterAUR. Sep 24, 2015 Daca nu o sa fie FUD incercati sa cryptati de mai multe ori, folositi functiile random din setari. Researchers at Palo Alto Networks have been monitoring the group for some time and have reported attacks launched against government agencies, financial institutions and technology companies in Saudi Arabia, Israel, the United Arab Emirates, Lebanon, Kuwait and Qatar, the United States, and Turkey. The name OilRig was used by Palo Alto Networks to identify the campaign of this specific threat actor that leveraged on weaponize Microsoft Excel spreadsheets tracked as “Clayslide” and a backdoor called “Helminth.” OilRig operations were associated with the use of the remote access trojan (RAT), which was also used in other campaigns launched by the Iran-linked hacker group known as. In July 2017, OilRig started using a new strain of backdoor dubbed ISMAgent, which was developed based on the RAT. In August 2017, researchers with PaloAlto Networks observed the group using a new malware dubbed ISMInjector. “As its name suggests, ISMInjector is a Trojan that is responsible for injecting a Trojan into another process. The payload embedded within the ISMInjector sample delivered in this attack is a variant of the ISMAgent backdoor that we had discussed in detail in discussing a targeted attack on a Saudi Arabian technology company.” reads the published by PaloAlto Networks. The ISMInjector tool has a modular architecture and implements sophisticated anti-analysis techniques that were not previously exploited by the OilRig group. Cyber Crypter V2 Rocket 2Cyber Crypter V2 RocketsIn the attack against the UAE government, OilRig hackers delivered their malware using spear-phishing emails with weaponized documents, the emails were having the subject line “Important Issue.” An interesting aspect of the attack against the UAE government, it that the spear-phishing messages were sent from the targeted organization’s own domain. The hackers used a compromised (OWA) account whose credentials attackers obtained in a previous phishing attack. “This string in the header suggests that the OilRig actor is likely to have used the targeted organization’s Outlook Web Access (OWA) to send the phishing email using Firefox 36.” continues the analysis. “Using information from our research in the blog, we know the OilRig group has conducted credential harvesting campaigns specifically by emulating OWA login sites. Based on that research and this observation, we postulate that the OilRig group gathered credentials to a legitimate user’s OWA account and logged into the user’s account to send phishing attacks to other individuals within the same, targeted organization.” The weaponized documents delivered the ISMInjector Trojan, which in turn dropped a variant of the ISMAgent backdoor by injecting it into a remote process it created. Cyber Crypter V2 Rocket Ww2The malware implements a “state machines” approach to create a new process and inject the malicious payload into that process. Each state is responsible for carrying on particular action and it specifies the next state that should be executed. The states are not executed in sequential order making hard the analysis by security researchers, authors also used a crypter as anti-analysis mechanism. OilRig is just one of the Iran-linked, other groups tracked by security experts are,, Cobalt Gypsy (), (). Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at 'Cyber Defense Magazine', Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |