The Iranian state-sponsored hacking outfit APT34, dubbed OilRig, has recently escalated its activity by launching new campaigns against government and vital infrastructure entities in the United Arab Emirates and the Gulf area.
OilRig employed a new backdoor to target Microsoft Exchange servers and steal passwords, as well as exploiting the Windows CVE-2024-30088 vulnerabilities to escalate their privileges on affected devices, according to Trend Micro researchers.
In addition to the activity, FOX Kitten, another Iran-based APT outfit involved in ransomware attacks, and OilRig have been linked by Trend Micro.
The attacks observed by Trend Micro start with the exploitation of an unprotected web server to upload a web shell, enabling the hackers to execute remote code and PowerShell commands. Once the web shell is activated, OilRig uses it to launch additional tools, including a component that exploits the Windows CVE-2024-30088 bug.
CVE-2024-30088 is a high-severity privilege escalation vulnerability that Microsoft patched in June 2024, allowing attackers to elevate their privileges to the SYSTEM level and gain significant control ov
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: