December 2, 2023

Suspected Iranian hackers recently launched a new cyber espionage operation, infecting their victims with the newly discovered Menorah malware, according to a report published Friday.

The hacking group APT34, also known as OilRig, Cobalt Gypsy, IRN2 and Helix Kitten, is believed to be based in Iran. It has been targeting Middle Eastern countries since at least 2014, mainly focusing on government organizations and companies in the financial, energy, chemical, and telecommunications sectors.

In their most recent campaign, which began in August, the hackers sent phishing emails to victims believed to be based in Saudi Arabia, ultimately infecting them with the Menorah malware, according to researchers from Trend Micro.

The group’s malware is designed for cyber espionage: It can upload selected files from a compromised device, execute shell commands, and download files to the system.

According to the report, APT34’s new malware resembles the SideTwist backdoor, which the group had used before. The new variant, however, has more features and is harder to detect.

“APT34 is in continuous-development mode, changing up and trying which routines and techniques will work,” the researchers said.

During the investigation, Trend Micro could obtain only very limited information about the victims targeted by APT34. Their phishing emails used a fake file registration form associated with the Seychelles Licensing Authority. This document contained pricing information in Saudi Arabian currency, suggesting that the targeted victim was likely based in Saudi Arabia, according to the report.

APT34 has previously been involved in high-profile cyberattacks against various targets in the Middle East. Last year, it targeted a government official at Jordan’s foreign ministry with the Saitama backdoor. In 2021, the group launched attacks on several banks in the Middle East.

“This group operates with a high degree of sophistication and seemingly vast resources, posing a significant cybersecurity challenge regionally and beyond,” the researchers said.

Daryna Antoniuk is a freelance reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.