Iran-Linked OilRig APT Found Using a New Backdoor

According to fresh data published this week, the Iran-linked hacking organization OilRig used a new backdoor in an attack against a senior officer within Jordan’s foreign ministry.

OilRig, also known as APT34, Helix Kitten, and Cobalt Gypsy, has been active since at least 2014 and is thought to be tied to Iranian government goals. Security researchers from Fortinet and Malwarebytes discovered a malicious Excel document that the hacking organisation delivered to the Jordanian diplomat towards the end of April 2022 and that was designed to drop a new backdoor named Saitama.

The phishing email purported to come from an IT department staffer but originated from outside the organisation. The attack was discovered after the recipient forwarded the message to a real IT employee to double-check its authenticity.

Read More: https://www.securityweek.com/iran-linked-oilrig-apt-caught-using-new-backdoor