TT Malware Log

A personal log of investigation, research and references on malware, cyber attacks and analysis techniques

APT34 / OilRig (Summary)

Overview

[Aliases]
Attack group name    Naming organization
APT34                FireEye
Helix Kitten         Wikipedia
OilRig               Kaspersky
Irn2
Pipefish             iDefense
GreenBug
Chrysene
Crambus
Cobalt Gyp
[Latest Information]

◆APT34 targets Jordan Government using new Saitama backdoor (Malwarebytes, 2022/05/10)
[APT34 targets the Jordanian government using the new Saitama backdoor]
https://blog.malwarebytes.com/threat-intelligence/2022/05/apt34-targets-jordan-government-using-new-saitama-backdoor/
https://malware-log.hatenablog.com/entry/2022/05/10/000000_1

◆Alleged Iranian hackers caught targeting Jordan’s foreign ministry (The Record, 2022/05/11)
[Suspicion emerges that Iranian hackers targeted Jordan's foreign ministry]
https://therecord.media/apt34-oilrig-iran-jordan-email-campaign-malwarebytes/
https://malware-log.hatenablog.com/entry/2022/05/11/000000

◆Iranian hackers exposed in a highly targeted espionage campaign (BleepingComputer, 2022/05/12 17:30)
[Iranian hackers exposed in a highly targeted espionage campaign]
https://www.bleepingcomputer.com/news/security/iranian-hackers-exposed-in-a-highly-targeted-espionage-campaign/
https://malware-log.hatenablog.com/entry/2022/05/12/000000_2

Articles

[News]


■2017

◆OilRig Actors Provide a Glimpse into Development and Testing Efforts (paloalto, 2017/04/27 13:00)
https://researchcenter.paloaltonetworks.com/2017/04/unit42-oilrig-actors-provide-glimpse-development-testing-efforts/
https://malware-log.hatenablog.com/entry/2017/04/27/000000_9

◆IRANIAN HACKERS HAVE BEEN INFILTRATING CRITICAL INFRASTRUCTURE COMPANIES (WIRED, 2017/12/07)
https://www.wired.com/story/apt-34-iranian-hackers-critical-infrastructure-companies/
https://malware-log.hatenablog.com/entry/2017/12/07/000000_13

■2018

◆Chafer: Latest Attacks Reveal Heightened Ambitions (Symantec, 2018/02/28)
https://www.symantec.com/blogs/threat-intelligence/chafer-latest-attacks-reveal-heightened-ambitions
https://malware-log.hatenablog.com/entry/2018/02/28/000000_2

◆Iran's "Chafer" shows active movement: targeting the upstream of the supply chain (Security NEXT, 2018/03/19)
http://www.security-next.com/091117
https://malware-log.hatenablog.com/entry/2018/03/19/000000_1


■2019

◆DNS tunneling in the wild: an overview of OilRig's DNS tunneling (Paloalto, 2019/04/17 21:00)
https://www.paloaltonetworks.jp/company/in-the-news/2019/dns-tunneling-in-the-wild-overview-of-oilrigs-dns-tunneling
https://malware-log.hatenablog.com/entry/2019/04/17/000000_12

◆How companies – and the hackers themselves – could respond to the OilRig leak (CyberScoop, 2019/04/18)
https://www.cyberscoop.com/oilrig-leak-iran-telegram-helix-kitten/
https://malware-log.hatenablog.com/entry/2019/04/18/000000_11

◆Iranian government hacker group launches cyber attacks on LinkedIn (Forbes, 2019/07/24)
https://forbesjapan.com/articles/detail/28633
https://malware-log.hatenablog.com/entry/2019/07/24/000000


■2020

◆What happens to war in "cyberspace" amid the US-Iran confrontation? (ビジネス+IT, 2020/01/19)
https://www.sbbit.jp/article/cont1/37555
https://malware-log.hatenablog.com/entry/2020/01/19/000000

◆OilRig APT Drills into Malware Innovation with Unique Backdoor (Threat Post, 2020/07/22 17:14)
https://threatpost.com/oilrig-apt-unique-backdoor/157646/
https://malware-log.hatenablog.com/entry/2020/07/22/000000_11


■2021

◆APT27 continues targeting the gambling industry. New APT34 activity. Malicious code in APKPure app store. (Cyberwire, 2021/04/14)
[APT27 continues to target the gambling industry. New APT34 activity. Malicious code in the APKPure app store]
https://thecyberwire.com/newsletters/research-briefing/3/15
https://malware-log.hatenablog.com/entry/2021/04/14/000000_3

◆Iranian hacking group targets Israel with wiper disguised as ransomware (BleepingComputer, 2021/05/25 11:00)
[Iranian hacking group targets Israel with a wiper disguised as ransomware]

An Iranian hacking group has been observed camouflaging destructive attacks against Israeli targets as ransomware attacks while maintaining access to victims' networks for months in what looks like an extensive espionage campaign.

The threat actor, tracked as Agrius by SentinelLabs researchers, has targeted Israel starting with December 2020.

[An Iranian hacking group has been confirmed camouflaging destructive attacks against Israeli targets as ransomware attacks while maintaining access to victims' networks for months, in what looks like a large-scale espionage campaign.

The threat actor, tracked as Agrius by SentinelLabs researchers, has been targeting Israel since December 2020]

https://www.bleepingcomputer.com/news/security/iranian-hacking-group-targets-israel-with-wiper-disguised-as-ransomware/
https://malware-log.hatenablog.com/entry/2021/05/25/000000_2


■2022

◆Alleged Iranian hackers caught targeting Jordan’s foreign ministry (The Record, 2022/05/11)
[Suspicion emerges that Iranian hackers targeted Jordan's foreign ministry]
https://therecord.media/apt34-oilrig-iran-jordan-email-campaign-malwarebytes/
https://malware-log.hatenablog.com/entry/2022/05/11/000000

◆Iranian hackers exposed in a highly targeted espionage campaign (BleepingComputer, 2022/05/12 17:30)
[Iranian hackers exposed in a highly targeted espionage campaign]
https://www.bleepingcomputer.com/news/security/iranian-hackers-exposed-in-a-highly-targeted-espionage-campaign/
https://malware-log.hatenablog.com/entry/2022/05/12/000000_2

[Blogs]

■2016

◆OilRig malware campaign updates its toolset and expands its targets (Paloalto, 2016/10/06 08:00)
https://www.paloaltonetworks.jp/company/in-the-news/2016/161005-unit42-oilrig-malware-campaign-updates-toolset-and-expands-targets
https://malware-log.hatenablog.com/entry/2016/10/06/000000_2


■2017

◆The Curious Case of Mia Ash: Fake Persona Lures Middle Eastern Targets (SecureWorks, 2017/07/27)
https://www.secureworks.com/research/the-curious-case-of-mia-ash
https://malware-log.hatenablog.com/entry/2017/07/27/000000_8

◆OilRig Deploys “ALMA Communicator” – DNS Tunneling Trojan (paloalto, 2017/11/08 13:00)
https://researchcenter.paloaltonetworks.com/2017/11/unit42-oilrig-deploys-alma-communicator-dns-tunneling-trojan/
https://malware-log.hatenablog.com/entry/2017/11/08/000000_9

◆New Targeted Attack in the Middle East by APT34, a Suspected Iranian Threat Group, Using CVE-2017-11882 Exploit (FireEye, 2017/12/07)
https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html
https://malware-log.hatenablog.com/entry/2017/12/07/000000_11


■2018

◆OopsIE! OilRig Uses ThreeDollars to Deliver New Trojan (paloalto, 2018/02/23 05:00)
https://researchcenter.paloaltonetworks.com/2018/02/unit42-oopsie-oilrig-uses-threedollars-deliver-new-trojan/
https://malware-log.hatenablog.com/entry/2018/02/23/000000_6


■2019

◆Analyzing the APT34’s Jason project (SecurityAffairs, 2019/06/06)
https://securityaffairs.co/wordpress/86680/hacking/analyzing-apt34-jason-project.html
https://malware-log.hatenablog.com/entry/2019/06/06/000000_13

◆LinkedIn phishing attacks initiated by Iranian hacker group APT34 (TechGenix, 2019/07/22)
http://techgenix.com/apt34-linkedin-phishing/
https://malware-log.hatenablog.com/entry/2019/07/22/000000_8


■2020

◆OilRig Targets Middle Eastern Telecommunications Organization and Adds Novel C2 Channel with Steganography to Its Inventory (UNIT42(Paloalto), 2020/07/22 06:00)
https://unit42.paloaltonetworks.com/oilrig-novel-c2-channel-steganography/
https://malware-log.hatenablog.com/entry/2020/07/22/000000_12


■2021

◆Iran’s APT34 Returns with an Updated Arsenal (Checkpoint, 2021/04/08)
[Iran's APT34 returns carrying an updated arsenal]
https://research.checkpoint.com/2021/irans-apt34-returns-with-an-updated-arsenal/
https://malware-log.hatenablog.com/entry/2021/04/08/000000_8


■2022

◆APT34 targets Jordan Government using new Saitama backdoor (Malwarebytes, 2022/05/10)
[APT34 targets the Jordanian government using the new Saitama backdoor]
https://blog.malwarebytes.com/threat-intelligence/2022/05/apt34-targets-jordan-government-using-new-saitama-backdoor/
https://malware-log.hatenablog.com/entry/2022/05/10/000000_1


[Resources]

◆APT Group Profile: OilRig (IntSight)
https://intsights.com/resources/apt-group-profile-oilrig
https://malware-log.hatenablog.com/entry/2020/07/22/000000_13

Related Information

[Related summary articles]

Overall summary
◆Attack groups / Actors (summary)

◆Targeted attack groups / APT (summary)
https://malware-log.hatenablog.com/entry/APT