Cloud Threat Landscape

Made with 💙 by Wiz

Last Updated: April 3, 2025

Earth Simnavaz (APT34) Targeting UAE and Gulf Regions

Type: Campaign
Actors: APT34
Pub. date: October 11, 2024
Initial access: 1-day vulnerability
Impact: Data exfiltration
Observed techniques: Vulnerability exploitation, Credential theft
Observed tools: ngrok
Targeted technologies: Microsoft Exchange
References: https://www.trendmicro.com/en_us/research/24/j/earth-simnavaz-cyberattacks-uae-gulf-regions.html
Status: Finalized
Last edited: Oct 14, 2024 11:28 AM

Researchers at Trend Micro identified cyberattacks by Earth Simnavaz (also known as APT34 or OilRig), targeting UAE and Gulf region entities. The group exploits vulnerabilities, including CVE-2024-30088, to escalate privileges and deploy backdoors via Microsoft Exchange servers. Using tools like .NET malware, PowerShell scripts, and IIS-based threats, they aim to steal sensitive credentials and maintain persistence. The attackers leverage the remote management tool ngrok for covert control, posing ongoing risks to governmental and critical sectors.