Iran-linked hackers increasingly spy on governments in Gulf region, researchers say

Siva Ramakrishnan
An Iran-linked cyberespionage group has stepped up its attacks in recent months against government agencies in the United Arab Emirates (UAE) and the broader Gulf region, according to a new report.

An Iran-linked cyberespionage group has stepped up its attacks in recent months against government agencies in the United Arab Emirates (UAE) and the broader Gulf region, according to a new report.

APT34, also known as Earth Simnavaz and OilRig, is believed to be an Iranian state-sponsored threat actor primarily targeting organizations in the Middle East, especially those in the oil and gas industries.

The hackers’ recent escalation in activity underscores their “ongoing commitment” to exploiting vulnerabilities within critical infrastructure and government networks in geopolitically sensitive areas, said researchers at the cybersecurity firm Trend Micro in a report released last week.

In their latest attacks, APT34 deployed a sophisticated new backdoor named Stealthook to exfiltrate sensitive credentials, including accounts and passwords, through on-premise Microsoft Exchange servers to those controlled by the attackers as email attachments.

The group is known for using compromised organizations to conduct supply chain attacks on other government entities, the researchers said. “We expect that the threat actor could use the stolen accounts to initiate new attacks through phishing against additional targets,” they added.

The group has also recently exploited the Windows CVE-2024-30088 flaw to escalate their privileges in targeted systems. This demonstrates APT34’s “continuous adaptation” by exploiting newer vulnerabilities to make their attacks stealthier and more effective, Trend Micro said.

The researchers warned that government organizations in the Middle East and Gulf region should take the threats from this group “seriously” and improve their defensive measures, because it uses tools to blend malicious activity with normal network traffic and avoid traditional detection methods.

CybercrimeGovernmentNewsNews Briefs
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Daryna Antoniuk

is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.

 

Total
0
Shares
Previous Post

Nation-State Attackers Exploiting Ivanti CSA Flaws for Network Infiltration

Next Post

Recently-patched Firefox bug exploited against Tor browser users

Related Posts

The Problem of Permissions and Non-Human Identities – Why Remediating Credentials Takes Longer Than You Think

According to research from GitGuardian and CyberArk, 79% of IT decision-makers reported having experienced a secrets leak, up from 75% in the previous year's report. At the same time, the number of leaked credentials has never been higher, with over 12.7 million hardcoded credentials in public GitHub repositories alone. One of the more troubling aspects of this report is that over 90% of valid
Avatar
Read More

Brazilian Hacker Charged for Extorting $3.2M in Bitcoin After Breaching 300,000 Accounts

A Brazilian citizen has been charged in the United States for allegedly threatening to release data stolen by hacking into a company's network in March 2020. Junior Barros De Oliveira, 29, of Curitiba, Brazil has been charged with four counts of extortionate threats involving information obtained from protected computers and four counts of threatening communications, the U.S. Department of
Avatar
Read More