【目次】
概要
【辞書】
◆APT34 (FireEye)
https://www.fireeye.jp/current-threats/apt-groups.html#apt34
◆OilRig (ATT&CK)
https://attack.mitre.org/groups/G0049/
◆OilRig (Malpedia)
https://malpedia.caad.fkie.fraunhofer.de/actor/oilrig
【別名】
| 攻撃組織名 | 命名組織 |
|---|---|
| APT34 | FireEye |
| Helix Kitten | Wikipedia |
| OilRig | Kaspersky |
| Irn2 | |
| Pipefish | iDefense |
| GreenBug | |
| Chrysene | |
| Crambus | |
| Cobalt Gyp |
【最新情報】
◆APT34 targets Jordan Government using new Saitama backdoor (Malwarebytes, 2022/05/10)
[APT34、新たな Saitama Backdoor を使ってヨルダン政府を標的にする]
https://blog.malwarebytes.com/threat-intelligence/2022/05/apt34-targets-jordan-government-using-new-saitama-backdoor/
⇒ https://malware-log.hatenablog.com/entry/2022/05/10/000000_1
◆Alleged Iranian hackers caught targeting Jordan’s foreign ministry (The Record, 2022/05/11)
[イラン人ハッカーがヨルダン外務省を標的にしたとの疑惑が浮上]
https://therecord.media/apt34-oilrig-iran-jordan-email-campaign-malwarebytes/
⇒ https://malware-log.hatenablog.com/entry/2022/05/11/000000
◆Iranian hackers exposed in a highly targeted espionage campaign (BleepingComputer, 2022/05/12 17:30)
[高度な標的型諜報活動で露呈したイラン人ハッカーたち]
https://www.bleepingcomputer.com/news/security/iranian-hackers-exposed-in-a-highly-targeted-espionage-campaign/
⇒ https://malware-log.hatenablog.com/entry/2022/05/12/000000_2
記事
【ニュース】
■2017年
◆OilRig Actors Provide a Glimpse into Development and Testing Efforts (paloalto, 2017/04/27 13:00)
https://researchcenter.paloaltonetworks.com/2017/04/unit42-oilrig-actors-provide-glimpse-development-testing-efforts/
⇒ https://malware-log.hatenablog.com/entry/2017/04/27/000000_9
◆IRANIAN HACKERS HAVE BEEN INFILTRATING CRITICAL INFRASTRUCTURE COMPANIES (WIRED, 2017/12/07)
https://www.wired.com/story/apt-34-iranian-hackers-critical-infrastructure-companies/
⇒ https://malware-log.hatenablog.com/entry/2017/12/07/000000_13
■2018年
◆Chafer: Latest Attacks Reveal Heightened Ambitions (Symantec, 2018/02/28)
https://www.symantec.com/blogs/threat-intelligence/chafer-latest-attacks-reveal-heightened-ambitions
⇒ https://malware-log.hatenablog.com/entry/2018/02/28/000000_2
◆活発な動きを見せるイランの「Chafer」 - サプライチェーン上流を標的に (Security NEXT, 2018/03/19)
http://www.security-next.com/091117
⇒ https://malware-log.hatenablog.com/entry/2018/03/19/000000_1
■2019年
◆DNSトンネリングの現状: OilRigのDNSトンネリング概要 (Paloalto, 2019/04/17 21:00)
https://www.paloaltonetworks.jp/company/in-the-news/2019/dns-tunneling-in-the-wild-overview-of-oilrigs-dns-tunneling
⇒ https://malware-log.hatenablog.com/entry/2019/04/17/000000_12
◆How companies – and the hackers themselves – could respond to the OilRig leak (CyberScoop, 2019/04/18)
https://www.cyberscoop.com/oilrig-leak-iran-telegram-helix-kitten/
⇒ https://malware-log.hatenablog.com/entry/2019/04/18/000000_11
◆イラン政府のハッカー集団、リンクトインでサイバー攻撃開始 (Forbes, 2019/07/24)
https://forbesjapan.com/articles/detail/28633
⇒ https://malware-log.hatenablog.com/entry/2019/07/24/000000
■2020年
◆米イランの対立で「サイバー空間」の戦争はどうなる? (ビジネス+IT, 2020/01/19)
https://www.sbbit.jp/article/cont1/37555
⇒ https://malware-log.hatenablog.com/entry/2020/01/19/000000
◆OilRig APT Drills into Malware Innovation with Unique Backdoor (Threat Post, 2020/07/22 17:14)
https://threatpost.com/oilrig-apt-unique-backdoor/157646/
⇒ https://malware-log.hatenablog.com/entry/2020/07/22/000000_11
■2021年
◆APT27 continues targeting the gambling industry. New APT34 activity. Malicious code in APKPure app store. (Cyberwire, 2021/04/14)
[APT27は引き続きギャンブル業界を標的にしています。新たなAPT34の活動。APKPureアプリストアに悪意のあるコード]
https://thecyberwire.com/newsletters/research-briefing/3/15
⇒ https://malware-log.hatenablog.com/entry/2021/04/14/000000_3
◆Iranian hacking group targets Israel with wiper disguised as ransomware (BleepingComputer, 2021/05/25 11:00)
[イランのハッキンググループ、ランサムウェアを装ったワイパーでイスラエルを狙う]An Iranian hacking group has been observed camouflaging destructive attacks against Israeli targets as ransomware attacks while maintaining access to victims' networks for months in what looks like an extensive espionage campaign.
The threat actor, tracked as Agrius by SentinelLabs researchers, has targeted Israel starting with December 2020.
[イランのハッキンググループが、イスラエルの標的に対する破壊的な
攻撃をランサムウェア攻撃としてカモフラージュし、被害者のネット
ワークへのアクセスを数ヶ月間維持するという、大規模なスパイ活動
のような行為が確認されています。SentinelLabsの研究者によってAgriusとして追跡されたこの脅威主体
は、2020年12月からイスラエルを標的にしています]https://www.bleepingcomputer.com/news/security/iranian-hacking-group-targets-israel-with-wiper-disguised-as-ransomware/
⇒ https://malware-log.hatenablog.com/entry/2021/05/25/000000_2
■2022年
◆Alleged Iranian hackers caught targeting Jordan’s foreign ministry (The Record, 2022/05/11)
[イラン人ハッカーがヨルダン外務省を標的にしたとの疑惑が浮上]
https://therecord.media/apt34-oilrig-iran-jordan-email-campaign-malwarebytes/
⇒ https://malware-log.hatenablog.com/entry/2022/05/11/000000
◆Iranian hackers exposed in a highly targeted espionage campaign (BleepingComputer, 2022/05/12 17:30)
[高度な標的型諜報活動で露呈したイラン人ハッカーたち]
https://www.bleepingcomputer.com/news/security/iranian-hackers-exposed-in-a-highly-targeted-espionage-campaign/
⇒ https://malware-log.hatenablog.com/entry/2022/05/12/000000_2
【ブログ】
■2016年
◆OilRigマルウェア攻撃活動、ツールセットを更新し標的を拡大 (Paloalto, 2016/10/06 08:00)
https://www.paloaltonetworks.jp/company/in-the-news/2016/161005-unit42-oilrig-malware-campaign-updates-toolset-and-expands-targets
⇒ https://malware-log.hatenablog.com/entry/2016/10/06/000000_2
■2017年
◆The Curious Case of Mia Ash: Fake Persona Lures Middle Eastern Targets (SecureWorks, 2017/07/27)
https://www.secureworks.com/research/the-curious-case-of-mia-ash
⇒ https://malware-log.hatenablog.com/entry/2017/07/27/000000_8
◆OilRig Deploys “ALMA Communicator” – DNS Tunneling Trojan (paloalto, 2017/11/08 13:00)
https://researchcenter.paloaltonetworks.com/2017/11/unit42-oilrig-deploys-alma-communicator-dns-tunneling-trojan/
⇒ https://malware-log.hatenablog.com/entry/2017/11/08/000000_9
◆New Targeted Attack in the Middle East by APT34, a Suspected Iranian Threat Group, Using CVE-2017-11882 Exploit (FireEye, 2017/12/07)
https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html
⇒ https://malware-log.hatenablog.com/entry/2017/12/07/000000_11
■2018年
◆OopsIE! OilRig Uses ThreeDollars to Deliver New Trojan (paloalto, 2018/02/23 05:00)
https://researchcenter.paloaltonetworks.com/2018/02/unit42-oopsie-oilrig-uses-threedollars-deliver-new-trojan/
⇒ https://malware-log.hatenablog.com/entry/2018/02/23/000000_6
■2019年
◆Analyzing the APT34’s Jason project (SecurityAffairs, 2019/06/06)
https://securityaffairs.co/wordpress/86680/hacking/analyzing-apt34-jason-project.html
⇒ https://malware-log.hatenablog.com/entry/2019/06/06/000000_13
◆LinkedIn phishing attacks initiated by Iranian hacker group APT34 (TechGenix, 2019/07/22)
http://techgenix.com/apt34-linkedin-phishing/
⇒ https://malware-log.hatenablog.com/entry/2019/07/22/000000_8
■2020年
◆OilRig Targets Middle Eastern Telecommunications Organization and Adds Novel C2 Channel with Steganography to Its Inventory (UNIT42(Paloalto), 2020/07/22 06:00)
https://unit42.paloaltonetworks.com/oilrig-novel-c2-channel-steganography/
⇒ https://malware-log.hatenablog.com/entry/2020/07/22/000000_12
■2021年
◆Iran’s APT34 Returns with an Updated Arsenal (Checkpoint, 2021/04/08)
[イランのAPT34が最新の兵器工場を携えて帰ってきた]
https://research.checkpoint.com/2021/irans-apt34-returns-with-an-updated-arsenal/
⇒ https://malware-log.hatenablog.com/entry/2021/04/08/000000_8
■2022年
◆APT34 targets Jordan Government using new Saitama backdoor (Malwarebytes, 2022/05/10)
[APT34、新たな Saitama Backdoor を使ってヨルダン政府を標的にする]
https://blog.malwarebytes.com/threat-intelligence/2022/05/apt34-targets-jordan-government-using-new-saitama-backdoor/
⇒ https://malware-log.hatenablog.com/entry/2022/05/10/000000_1
【資料】
◆APT Group Profile: OilRig (IntSight)
https://intsights.com/resources/apt-group-profile-oilrig
⇒ https://malware-log.hatenablog.com/entry/2020/07/22/000000_13
関連情報
【関連まとめ記事】
◆標的型攻撃組織 / APT (まとめ)
https://malware-log.hatenablog.com/entry/APT