
Novel payloads deployed in new OilRig APT campaign against Iraq


Iranian state-backed advanced persistent threat group OilRig, also known as APT34, has deployed the novel Veaty and Spearal malware strains against Iraqi government agencies and organizations as part of a new cyberespionage campaign, reports The Record, a news site by cybersecurity firm Recorded Future.

According to a report from Check Point, OilRig may have used social engineering to lure targets into opening malicious documents that deploy both payloads, which rely on different command-and-control mechanisms: Veaty uses breached email accounts for its C2 communications, while Spearal communicates over a custom DNS protocol that disguises its data as normal DNS traffic, Check Point researchers noted. "This campaign against Iraqi government infrastructure highlights the sustained and focused efforts of Iranian threat actors operating in the region," said researchers. The campaign follows the group's targeting of several Israeli organizations in support of Palestinian militant group Hamas.
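Because C2 that hides inside DNS looks like ordinary resolution traffic at the firewall, defenders usually hunt for it in resolver logs rather than at the network edge. The following is an added example, not code from the article or from Check Point's report, and it makes no claim about the specific encoding Spearal uses: it applies generic DNS-tunneling heuristics (many unique, long, high-entropy subdomains under one registered domain from a single client, plus the share of TXT queries) to a constructed resolver log. The log format, client addresses, and the `c2-placeholder.test` domain are all made up for the example.

```python
"""Heuristic detection of covert DNS C2 / tunneling in resolver query logs.

Added illustration, not from the article or Check Point's report. The log
format ("<ts> <client_ip> <qname> <qtype>") and the sample lines below are
constructed for this example; thresholds are starting points, not tuned values.
"""
import math
import re
from collections import defaultdict

LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; encoded payloads score high, words score low."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_qname(qname: str):
    """Return (subdomain part, base domain). Naive: base = last two labels."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) < 3:
        return "", ".".join(labels)
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def parse_line(line: str):
    m = LOG_RE.match(line.strip())
    if not m:
        return None  # malformed line: skip rather than crash the sweep
    ts, client, qname, qtype = m.groups()
    return {"ts": ts, "client": client, "qname": qname, "qtype": qtype.upper()}


def score_domains(lines, min_queries=5, min_unique_ratio=0.8,
                  min_avg_sub_len=20, min_avg_entropy=3.5):
    """Aggregate per (client, base domain); return the pairs that look like tunneling."""
    stats = defaultdict(lambda: {"queries": 0, "subs": set(),
                                 "sub_len": 0, "entropy": 0.0, "txt": 0})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        sub, base = split_qname(rec["qname"])
        flat = sub.replace(".", "")  # treat multi-label subdomains as one payload
        st = stats[(rec["client"], base)]
        st["queries"] += 1
        st["subs"].add(sub)
        st["sub_len"] += len(flat)
        st["entropy"] += shannon_entropy(flat)
        if rec["qtype"] == "TXT":
            st["txt"] += 1

    flagged = {}
    for (client, base), st in stats.items():
        q = st["queries"]
        if q < min_queries:
            continue
        metrics = {
            "queries": q,
            "unique_ratio": len(st["subs"]) / q,   # 1.0 = every query a new subdomain
            "avg_sub_len": st["sub_len"] / q,
            "avg_entropy": st["entropy"] / q,
            "txt_ratio": st["txt"] / q,           # TXT is a common downlink channel
        }
        if (metrics["unique_ratio"] >= min_unique_ratio
                and metrics["avg_sub_len"] >= min_avg_sub_len
                and metrics["avg_entropy"] >= min_avg_entropy):
            flagged[(client, base)] = metrics
    return flagged


# Constructed sample log: benign lookups from 10.0.0.5, tunnel-like queries from 10.0.0.7.
SAMPLE_LOG = [
    "2024-09-10T08:00:01Z 10.0.0.5 www.example.com A",
    "2024-09-10T08:00:05Z 10.0.0.5 www.example.com A",
    "2024-09-10T08:00:09Z 10.0.0.5 mail.example.com MX",
    "2024-09-10T08:00:12Z 10.0.0.5 www.example.com AAAA",
    "2024-09-10T08:00:20Z 10.0.0.5 cdn.example.com A",
    "2024-09-10T08:00:31Z 10.0.0.5 www.example.com A",
    "2024-09-10T08:01:00Z 10.0.0.7 a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6.c2-placeholder.test TXT",
    "2024-09-10T08:01:02Z 10.0.0.7 q7r8s9t0u1v2w3x4y5z6a7b8c9d0e1f2.c2-placeholder.test TXT",
    "2024-09-10T08:01:04Z 10.0.0.7 g3h4i5j6k7l8m9n0o1p2q3r4s5t6u7v8.c2-placeholder.test A",
    "2024-09-10T08:01:06Z 10.0.0.7 w9x0y1z2a3b4c5d6e7f8g9h0i1j2k3l4.c2-placeholder.test TXT",
    "2024-09-10T08:01:08Z 10.0.0.7 m5n6o7p8q9r0s1t2u3v4w5x6y7z8a9b0.c2-placeholder.test A",
    "2024-09-10T08:01:10Z 10.0.0.7 c1d2e3f4g5h6i7j8k9l0m1n2o3p4q5r6.c2-placeholder.test TXT",
    "this line is malformed and will be skipped",
]


if __name__ == "__main__":
    for (client, base), m in score_domains(SAMPLE_LOG).items():
        print(f"{client} -> {base}: {m}")
```

The naive "last two labels" split is wrong for registries such as `co.uk`; in production, use a public-suffix list so that traffic to a legitimate multi-label zone is not aggregated under the wrong base. Volume thresholds also need tuning per environment, since CDNs and anti-malware telemetry legitimately generate many unique subdomains, though usually with lower entropy and shorter labels than an encoded payload.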
