Iran-Linked APT34 Spy Campaign Targets Saudis
The Menorah malware can upload and download files, as well as execute shell commands.
A phishing campaign that drops cyber-espionage malware is taking aim at users in the Middle East.
The campaign is mounted by the infamous advanced persistent threat known as APT34 (aka OilRig, Helix Kitten, Cobalt Gypsy), and employs a custom tool that researchers have dubbed "Menorah." This malware is capable of identifying the target's machine, reading and uploading files from the machine, and downloading other files or malware.
According to research by Trend Micro, the document used in the attack contains pricing information in Saudi Riyal, which could indicate at least one targeted victim is inside Saudi Arabia.
Linked to Iran, APT34 typically focuses on collecting sensitive intelligence, and has been involved in high-profile cyberattacks against a diverse range of targets in the Middle East, including government agencies, critical infrastructure, telecommunications, and key regional entities.
Trend Micro's researchers said that a changing of tactics and tools is typical of APT groups and demonstrates their resources and varied skills. Being able to create new pieces of malware and tools allows such groups to continuously deploy new techniques "to ensure success in intrusions, stealth, and cyberespionage."