Unveiling the Tools and Techniques of APT34
Dec. 31, 2024, 4:27 p.m.
Description
OilRig, also known as APT34 and Helix Kitten, is a sophisticated state-sponsored threat actor believed to be aligned with Iranian interests. Active since 2016, the group primarily targets organizations in the Middle East, focusing on sectors such as government, technology, and energy. OilRig employs advanced tactics including spearphishing, custom malware like Helminth and QUADAGENT, and exploitation of zero-day vulnerabilities. The group's operations showcase their ability to adapt to changing cybersecurity landscapes, leveraging obfuscation techniques and scripting languages to evade detection. Recent campaigns have demonstrated OilRig's proficiency in exploiting critical vulnerabilities and harvesting credentials, highlighting the persistent threat they pose to targeted organizations.
Date
Published: Dec. 31, 2024, 4:19 p.m.
Created: Dec. 31, 2024, 4:19 p.m.
Modified: Dec. 31, 2024, 4:27 p.m.
Indicators
d7130e42663e95d23c547d57e55099c239fa249ce3f6537b7f2a8033f3aa73de
9f31a1908afb23a1029c079ee9ba8bdf0f4c815addbe8eac85b4163e02b5e777
5db93f1e882f4d7d6a9669f8b1ab091c0545e12a317ba94c1535eb86bc17bd5b
1f6369b42a76d02f32558912b57ede4f5ff0a90b18d3b96a4fe24120fa2c300c
0ca0febadb1024b0a8961f21edbf3f6df731ca4dd82702de3793e757687aefbc
Attack Patterns
QUADAGENT - S0269
Helminth - S0170
STEALHOOK
OilRig
T1048
T1572
T1497
T1555
T1021
T1573
T1016
T1071
T1204
T1140
T1027
T1053
T1056
T1566
T1078
T1068
T1003
T1059
CVE-2024-30088
Additional Information
Technology
Energy
Government
Qatar
Saudi Arabia
United Arab Emirates
Oman
Israel