Cybersecurity experts say that there is a new threat against Middle East organisations, and more specifically within the United Arab Emirates, and other Gulf countries. There is an Iranian gang cybercrime known as OilRig that aims to hunt login credentials for access into several organisations and personal systems, with a focus on infiltration of key infrastructures within the region.
Role of OilRig in Attacks
OilRig is another notorious state-sponsored hacking group. At other times, it was known by the designations APT43 and Cobalt Gipsy. Its origins date back to Iranian government sponsorship. And in previous campaigns, OilRig has mainly focused on exploiting exposed servers with web shells – a category of malicious software. This gives attackers the ability to take control of an affected server remotely and run PowerShell scripts from it. As such, such a gain in access allows it to facilitate attackers in finding deeper access into the system.
Once the group fully takes over the system, they exploit the flaw CVE-2024-30088. Microsoft discovered that it had patched this security vulnerability in June 2024 for the Windows operating system. This allows the attackers to elevate their privilege, which gives attackers access to the forbidden areas of the system, thus limiting their operations. According to Microsoft, this is a high-risk vulnerability with a base score of 7.0.
How the Malware Works
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents