Advanced Cyberattacks Against UAE and Gulf Regions

Oct. 14, 2024, 10:46 a.m.

Tags
cyber espionage
credential theft
oilrig
CVE-2024-30088
privilege escalation
microsoft exchange
2024-10-14
apt34
stealhook
iis malware
gulf region
uae
External References
Description

Earth Simnavaz, also known as APT34 and OilRig, has been actively targeting governmental entities in the UAE and Gulf region. The group employs sophisticated tactics, including a backdoor that exploits Microsoft Exchange servers for credential theft and the use of CVE-2024-30088 for privilege escalation. Their arsenal includes customized .NET tools, PowerShell scripts, and IIS-based malware designed to blend with normal network traffic. The attackers focus on exploiting vulnerabilities in key infrastructure of geopolitically sensitive areas, aiming to establish persistent footholds in compromised entities for potential future attacks. Recent activities show an escalation in cyber espionage efforts, particularly against critical sectors in the UAE, highlighting the ongoing threat posed by state-sponsored actors to national security and economic stability.

Date

Published: Oct. 14, 2024, 10:21 a.m.

Created: Oct. 14, 2024, 10:21 a.m.

Modified: Oct. 14, 2024, 10:46 a.m.

Indicators

edfae1a69522f87b12c6dac3225d930e4848832e3c551ee1e7d31736bf4525ef

db79c39bc06e55a52741a9170d8007fa93ac712df506632d624a651345d33f91

ca98a24507d62afdb65e7ad7205dfe8cd9ef7d837126a3dfc95a74af873b1dc5

c0189edde8fa030ff4a70492ced24e325847b04dba33821cf637219d0ddff3c9

b3257f0c0ef298363f89c7a61ab27a706e9e308c22f1820dc4f02dfa0f68d897

af979580849cc4619b815551842f3265b06497972c61369798135145b82f3cd8

abfc8e9b4b02e196af83608d5aaef1771354b32c898852dff532bd8cfd2ce59d

98fb12a9625d600535df342551d30b27ed216fed14d9c6f63e8bf677cb730301

a24303234e0cc6f403fca8943e7170c90b69976015b6a84d64a9667810023ed7

7ebbeb2a25da1b09a98e1a373c78486ed2c5a7f2a16eec63e576c99efe0c7a49

6e4f237ef084e400b43bc18860d9c781c851012652b558f57527cf61bee1e1ef

6d8bdd3e087b266d493074569a85e1173246d1d71ee88eca94266b5802e28112

54e8fbae0aa7a279aaedb6d8eec0f95971397fea7fcee6c143772c8ee6e6b498

43c83976d9b6d19c63aef8715f7929557e93102ff0271b3539ccf2ef485a01a7

27a0e31ae16cbc6129b4321d25515b9435c35cc2fa1fc748c6f109275bee3d6c

1d2ff65ac590c8d0dec581f6b6efbf411a2ce5927419da31d50156d8f1e3a4ff

1169d8fe861054d99b10f7a3c87e3bbbd941e585ce932e9e543a2efd701deac2

Download all indicators here!

Attack Patterns

STEALHOOK

Earth Simnavaz

T1021.006

T1505.003

T1547.008

T1059.001

T1567

T1114

T1095

T1204.002

T1219

T1140

T1190

T1133

T1078

T1003

CVE-2024-30088

Additional Informations

Energy

Government

United Arab Emirates