Type
Campaign
Actors
APT34
Pub. date
October 11, 2024
Initial access
1-day vulnerability
Impact
Data exfiltration
Observed techniques
Vulnerability exploitation
Credential theft
Observed tools
ngrok
Targeted technologies
Microsoft Exchange
References
https://www.trendmicro.com/en_us/research/24/j/earth-simnavaz-cyberattacks-uae-gulf-regions.html
Status
Finalized
Last edited
Oct 14, 2024 11:28 AM
Researchers at Trend Micro identified cyberattacks by Earth Simnavaz (also known as APT34 or OilRig), targeting UAE and Gulf region entities. The group exploits vulnerabilities, including CVE-2024-30088, to escalate privileges and deploy backdoors via Microsoft Exchange servers. Using tools like .NET malware, PowerShell scripts, and IIS-based threats, they aim to steal sensitive credentials and maintain persistence. The attackers leverage the remote management tool ngrok for covert control, posing ongoing risks to governmental and critical sectors.