Iran-linked hackers increasingly spy on governments in Gulf region, researchers say

Siva Ramakrishnan
An Iran-linked cyberespionage group has stepped up its attacks in recent months against government agencies in the United Arab Emirates (UAE) and the broader Gulf region, according to a new report.

An Iran-linked cyberespionage group has stepped up its attacks in recent months against government agencies in the United Arab Emirates (UAE) and the broader Gulf region, according to a new report.

APT34, also known as Earth Simnavaz and OilRig, is believed to be an Iranian state-sponsored threat actor primarily targeting organizations in the Middle East, especially those in the oil and gas industries.

The hackers’ recent escalation in activity underscores their “ongoing commitment” to exploiting vulnerabilities within critical infrastructure and government networks in geopolitically sensitive areas, said researchers at the cybersecurity firm Trend Micro in a report released last week.

In their latest attacks, APT34 deployed a sophisticated new backdoor named Stealthook to exfiltrate sensitive credentials, including accounts and passwords, through on-premise Microsoft Exchange servers to those controlled by the attackers as email attachments.

The group is known for using compromised organizations to conduct supply chain attacks on other government entities, the researchers said. “We expect that the threat actor could use the stolen accounts to initiate new attacks through phishing against additional targets,” they added.

The group has also recently exploited the Windows CVE-2024-30088 flaw to escalate their privileges in targeted systems. This demonstrates APT34’s “continuous adaptation” by exploiting newer vulnerabilities to make their attacks stealthier and more effective, Trend Micro said.

The researchers warned that government organizations in the Middle East and Gulf region should take the threats from this group “seriously” and improve their defensive measures, because it uses tools to blend malicious activity with normal network traffic and avoid traditional detection methods.

CybercrimeGovernmentNewsNews Briefs
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Daryna Antoniuk

is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.

 

Total
0
Shares
Previous Post

Nation-State Attackers Exploiting Ivanti CSA Flaws for Network Infiltration

Next Post

Recently-patched Firefox bug exploited against Tor browser users

Related Posts

New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration

Cybersecurity researchers have disclosed new security flaws impacting Citrix Virtual Apps and Desktop that could be exploited to achieve unauthenticated remote code execution (RCE) The issue, per findings from watchTowr, is rooted in the Session Recording component that allows system administrators to capture user activity, and record keyboard and mouse input, along with a video stream of the
Avatar
Read More