OilRig APT Continues Its Ongoing Malware Evolution


The Iran-linked APT appears to be in a state of continuous tool development, analogous to the DevOps efforts seen in the legitimate software world.

OilRig, an APT group believed to have ties to Iran, has been spotted in yet another campaign in the Middle East – this time targeting victims within an undisclosed government using an evolved variant of the BondUpdater trojan.

The group, which is also called Cobalt Gypsy, Crambus, Helix Kitten or APT34, was recently spotted using a reboot of the OopsIE trojan to mine information from other entities in the Middle East. Believed to be a state-sponsored group under the auspices of the Iranian intelligence agency and the Islamic Revolutionary Guard Corps (IRGC), OilRig’s primary purpose appears to be espionage efforts targeted at financial, aviation, infrastructure, government and university organizations in the MidEast region.

Read more…
Source:  ThreatPost