"Iranian OilRig Hackers Using New Backdoor to Exfiltrate Data from Govt. Organizations"

OilRig, an Iranian nation-state hacking group, has continued to target Middle Eastern government organizations as part of a cyber espionage campaign that uses a novel backdoor to exfiltrate data. According to Trend Micro researchers, the campaign abuses legitimate but compromised email accounts to relay stolen data to external attacker-controlled mail accounts. While this method is not new, this is the first time OilRig has incorporated it into its playbook, demonstrating the continuing evolution of its tactics to circumvent security measures. Since at least 2014, the Advanced Persistent Threat (APT) group, also known as APT34, Cobalt Gypsy, Europium, and Helix Kitten, has been linked to targeted phishing attacks in the Middle East. The article goes on to discuss the OilRig Iranian nation-state hacking group and its use of a new backdoor to exfiltrate data.

THN reports "Iranian OilRig Hackers Using New Backdoor to Exfiltrate Data from Govt. Organizations"

Submitted by Anonymous on