Iranian threat actors are on the hunt for login credentials that can grant them access to organizations and personal systems of people in the United Arab Emirates and the broader Gulf region, experts have warned.
A report from cybersecurity researchers Trend Micro claims a group called OilRig (AKA APT43, or Cobalt Gipsy) has been going after vulnerable servers that they can use to deploy web shells. These, in turn, allow them to run PowerShell and, consequently, deploy malware on the servers.
The malware then abuses a vulnerability tracked as CVE-2024-30088 to escalate privileges and allow the crooks to exfiltrate sensitive information. This vulnerability, patched by Microsoft in June 2024, is described as a Windows Kernel Elevation of Privilege flaw and has a base score of 7.0 (high).
Affiliation with ransomware players
The name of the malware used in these attacks is STEALHOOK. It essentially serves as an infostealer, since its goal is to exfiltrate data to a command & control (C2) server operated by the attackers. What’s interesting about STEALHOOK is that it blends the stolen information with legitimate data and sends it out via an Exchange server.
BleepingComputer points out that OilRig is a state-sponsored actor, adding the group “remains highly active” in the Middle East region, and that it seems to be affiliated with FOX Kitten, another Iran-based APT group involved in ransomware attacks.
The majority of the targets work in the energy sector, Trend Micro concluded, warning that any disruption to the operation of these firms could impact the wider population greatly.
Despite there being evidence of abuse, the US Cybersecurity and Infrastructure Security Agency (CISA) is yet to place CVE-2024-30088 on its Known Exploited Vulnerabilities (KEV) catalog.
This article is written by: Nermeen Nabil Khear Abdelmalak