Menorah: a new virus that steals data from the Middle East

CarderPlanet

Iranian hackers are improving their espionage tools to gather intelligence from the region.

According to a report by Trend Micro, the Iranian hacker group OilRig (also tracked as APT34, Cobalt Gypsy, Hazel Sandstorm and Helix Kitten) has launched a new cyber espionage operation in which it infects victims with a previously undocumented malware family called Menorah.

The researchers reported that Menorah is designed for cyber espionage and is capable of identifying the infected machine, reading and uploading files from it, and downloading additional files or malware. It was not immediately clear who the victim of the attack was, but the decoy used indicates that at least one of the targets is an organization located in Saudi Arabia.

The campaign uses phishing emails carrying a decoy document that creates a scheduled task to ensure persistence and drops the Menorah executable, which in turn communicates with a remote command-and-control (C2) server for further instructions. The C2 server is currently inactive.

Menorah, an improved version of the original C-based SideTwist malware discovered by Check Point in 2021, is equipped with functions for collecting data about the target host, listing directories and files, uploading selected files from the infected system, executing shell commands, and downloading files to the system.

The researchers emphasized that the OilRig group is constantly developing and improving tools in an effort to reduce the likelihood of detection by security agencies and researchers.