Recently, Trend Micro has been tracking Earth Simnavaz (also known as APT34 and OilRig), a cyber espionage group. This group primarily targets organizations in the energy sector, particularly those involved in oil and gas, as well as other infrastructure.
It is known for using sophisticated tactics, techniques, and procedures (TTPs) to gain unauthorized access to networks and exfiltrate sensitive information. In recent months, there has been a notable rise in cyberattacks attributed to this APT group specifically targeting infrastructure in the Middle East region. This escalation in activity underscores the group’s ongoing commitment to exploiting vulnerabilities within infrastructure frameworks in these geopolitically sensitive areas.
Read more…
Source: Trend Micro
Related:
- AdvisorsBot Downloader Emerges in Raft of Malware Campaigns
August 23, 2018
A tricky downloader has hit the scene in a series of campaigns targeting restaurants, hotels and telecommunications companies. A new downloader was disclosed today, sporting significant anti-analysis features and increasingly sophisticated distribution techniques. Researchers at Proofpoint have been tracking the downloader as a first-stage payload in campaigns since May 2018. Dubbed AdvisorsBot (due to early command-and-control domains, ...
- New Attack Recovers RSA Encryption Keys from EM Waves Within Seconds
August 22, 2018
A research paper presented at the Usenix security conference last week detailed a new technique for retrieving encryption keys from electronic devices, a method that is much faster than all previously known techniques. The approach relies on recording electromagnetic (EM) emanations coming off a device as it performs an encryption or decryption operation. Read more… Source: Bleeping Computer
- New Apache Struts RCE Flaw Lets Hackers Take Over Web Servers
August 22, 2018
Semmle security researcher Man Yue Mo has disclosed a critical remote code execution vulnerability in the popular Apache Struts web application framework that could allow remote attackers to run malicious code on the affected servers. Apache Struts is an open source framework for developing web applications in the Java programming language and is widely used by enterprises globally, ...
- Retro tech leaves NHS open to cyber-attacks, say researchers
August 20, 2018
Hackers could gain access to NHS networks by exploiting vulnerabilities in fax machines, security researchers have suggested. Staff at Check Point Software discovered exploits in widely-used fax machines that enable hackers to spread malware through a malicious image file. Malware can be coded into the image file which, when decoded by the fax machine and uploaded to its ...
- Cyber security threat to Britain’s oil and gas sites as attack could cause ‘unprecedented damage’
August 17, 2018
Brian Lord OBE says a successful attack on its infrastructure could cause “unprecedented damage” and “unrest across the world”. With a complex ecosystem of computation, networking, and physical operational processes spread around the world the industry has a large attack surface with many attack vectors. A typical large oil and gas company uses half a million processors ...
- FBI Warns Of ATM Hacking Campaign
August 16, 2018
The FBI has warned banks that cybercriminals are preparing to carry out a “highly choreographed, global fraud scheme known as an ‘ATM cash-out’.” The threat, reported by Krebs On Security cybersecurity blog, will apparently see criminals hacking a bank or payment card processor, and using cloned cards at ATMs around the world to fraudulently withdraw “millions of ...