🕵️

APT34

Aliases

ATK40, Cobalt Gypsy, Crambus, EUROPIUM, Evasive Serpens, G0049, Hazel Sandstorm, Helix Kitten, IRN2, TA452, Twisted Kitten, OilRig

Tags

Data Exfil.State-Sponsored

Attribution

🇮🇷

Incidents

Earth Simnavaz (APT34) Targeting UAE and Gulf Regions

References

https://malpedia.caad.fkie.fraunhofer.de/actor/oilrig

Last edited

Oct 27, 2024 7:58 AM

Status

Stub

Cloud-fluent

Targeted geography

Middle East

Targeted industries

GovernmentTelecommunicationEnergyFinance

OilRig, also known as APT34, is an Iranian threat group active since at least 2014, primarily targeting organizations in the Middle East across industries such as finance, government, energy, and telecommunications. Occasionally, it has extended operations beyond the region. OilRig leverages both social engineering and supply chain attacks, relying heavily on stolen credentials for lateral movement. Though it rarely exploits software vulnerabilities, the group demonstrates advanced capabilities through custom tools, including DNS tunneling protocols, web shells, and backdoors. Their operations align with Iranian national interests, leading researchers to assess that the group operates on behalf of the Iranian government.