The Iran-linked group is using a variant of the data-exfiltration OopsIE trojan to attack a Mideast government entity.
The OilRig group is back, using a reboot of the OopsIE trojan to pump information from its favorite resource: entities in the Middle East region.
OilRig, which is also called Cobalt Gypsy, Crambus, Helix Kitten or APT34, is suspected of having ties to Iran. The group was identified in 2015 and is believed to be linked to the Iranian intelligence agency and the Islamic Revolutionary Guard Corps (IRGC). It is known for attacking energy, financial, aviation, infrastructure, government and university organizations, primarily in the Middle East.