Iranian OilRig Group Targets Iraqi Govt

September 13, 2024

Iranian cyber group OilRig has launched a highly sophisticated malware campaign targeting key Iraqi government networks, including the Prime Minister’s Office and the Ministry of Foreign Affairs. According to cybersecurity firm Check Point, OilRig, which is also known by other aliases such as APT34 and Crambus, is a state-sponsored threat actor linked to Iran’s Ministry of Intelligence and Security (MOIS). The group has been active since at least 2014 and has established a reputation for using phishing attacks and custom backdoors to infiltrate and exfiltrate sensitive information across the Middle East.

The latest attack introduces two newly discovered malware families, Veaty and Spearal, which are distinguished by their advanced command-and-control (C2) mechanisms. Spearal, a .NET backdoor, employs DNS tunneling to communicate with its C2 server, encoding data in Base32 within DNS queries to avoid detection. This technique allows the malware to discreetly transmit data and receive commands without raising immediate red flags. On the other hand, Veaty uses compromised email accounts for C2 communications, facilitating command issuance, file downloads, and interaction with specific mailboxes within the targeted organizations. This method leverages the existing email infrastructure to mask its activities and extend its reach.
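The DNS-tunnelling channel described above leaves a characteristic trace in resolver logs: bursts of long, high-entropy labels drawn only from the Base32 alphabet, all under one zone. The following detector is an added example written for this alert, not code from Check Point or from the malware; it assumes a simple "timestamp client query-name query-type" log format, approximates the zone as the last two labels (no public-suffix list), uses the RFC 4648 alphabet (A-Z, 2-7), and the sample log lines and the c2-placeholder.example domain are constructed, not indicators from the report. The length, entropy and per-client thresholds are tunable assumptions.

```python
"""Heuristic detector for Base32-in-DNS tunnelling over constructed resolver log lines."""
import math
import re
from collections import Counter, defaultdict

# Constructed sample log (assumed format: "<timestamp> <client_ip> <query_name> <qtype>").
# The zone c2-placeholder.example is a placeholder, not an indicator from the report.
SAMPLE_LOG = """\
2024-09-10T08:00:01Z 10.0.0.15 www.example-portal.gov A
2024-09-10T08:00:02Z 10.0.0.15 mail.example-portal.gov MX
2024-09-10T08:00:03Z 10.0.0.22 GEZDGNBVGY3TQOJQ.c2-placeholder.example A
2024-09-10T08:00:04Z 10.0.0.22 KRSXG5DEMFWGK2LOMVQXMZLOMFSGM43LMU.c2-placeholder.example TXT
2024-09-10T08:00:05Z 10.0.0.22 ONSWG4TFOQQGK3TDN5SGKZBAMRQXIYI.c2-placeholder.example A
2024-09-10T08:00:06Z 10.0.0.22 MFRGG2LTEBUGS3TH.c2-placeholder.example A
2024-09-10T08:00:07Z 10.0.0.31 cdn.static-assets.example A
"""

# RFC 4648 Base32 alphabet; DNS is case-insensitive, so labels are upper-cased before matching.
BASE32_ALPHABET = re.compile(r"^[A-Z2-7]+$")


def shannon_entropy(text: str) -> float:
    """Bits per character. Random Base32 tends toward log2(32) = 5; dictionary words sit well below 3."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def looks_like_base32_payload(label: str, min_len: int = 16, min_entropy: float = 3.0) -> bool:
    """True when a label is long, uses only the Base32 alphabet, and is high-entropy (thresholds are assumptions)."""
    up = label.upper()
    return len(up) >= min_len and bool(BASE32_ALPHABET.match(up)) and shannon_entropy(up) >= min_entropy


def parse_line(line: str):
    """Parse one assumed-format log line into (timestamp, client, qname, qtype); None if malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    ts, client, qname, qtype = parts
    return ts, client, qname.rstrip(".").lower(), qtype


def split_name(qname: str):
    """Return (subdomain labels, zone); the zone is approximated as the last two labels (assumption)."""
    labels = qname.split(".")
    if len(labels) < 3:
        return [], qname
    return labels[:-2], ".".join(labels[-2:])


def detect(log_text: str, min_unique: int = 3):
    """Flag (client, zone, count) when a client sent >= min_unique distinct payload-like labels to one zone.

    Requiring several distinct labels to the same zone suppresses one-off hits on
    legitimately random hostnames (CDN or cloud-generated names)."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        _, client, qname, _ = rec
        subdomain, zone = split_name(qname)
        for label in subdomain:
            if looks_like_base32_payload(label):
                seen[(client, zone)].add(label)
    return sorted((c, z, len(s)) for (c, z), s in seen.items() if len(s) >= min_unique)


if __name__ == "__main__":
    for client, zone, n in detect(SAMPLE_LOG):
        print(f"{client} -> {zone}: {n} distinct Base32-like labels")
```

Run against the constructed log, the detector reports the single client that issued four distinct Base32-looking labels under the placeholder zone and ignores the ordinary hostnames. In a real deployment the zone approximation should be replaced by a public-suffix lookup, the thresholds tuned against a baseline of the organization's own resolver traffic, and the query volume per zone tracked over a time window rather than the whole log.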

The initial phase of the attack involves deceptive files that masquerade as legitimate documents. When these files are executed, they deploy the malware and its associated configuration files, paving the way for further exploitation. The malware then establishes persistent access within the compromised networks, allowing the attackers to execute commands, harvest sensitive data, and maintain control over the targeted systems. The use of DNS tunneling by Spearal and email-based C2 channels by Veaty underscores OilRig’s sophisticated approach to maintaining stealth and evading detection.

This targeted campaign highlights OilRig’s ongoing and focused efforts to disrupt critical governmental infrastructure. The advanced techniques employed, including custom DNS protocols and email-based C2 channels, demonstrate a strategic effort by Iranian actors to enhance their operational capabilities and achieve their geopolitical objectives. The incident not only reflects the group’s technical prowess but also serves as a stark reminder of the persistent and evolving nature of cyber threats aimed at high-value government networks. As such, it underscores the need for continuous vigilance and advanced defensive measures to counteract the ever-present threats in the cyber landscape.

Reference:

  • Iranian Cyber Group OilRig Launches Malware Campaign on Iraqi Government