Iranian hackers now exploit Windows flaw to elevate privileges


Jasper_The_Rasper
Moderator

October 13 2024 By Bill Toulas

The Iranian state-sponsored hacking group APT34, aka OilRig, has recently escalated its activities with new campaigns targeting government and critical infrastructure entities in the United Arab Emirates and the Gulf region.

In these attacks, spotted by Trend Micro researchers, OilRig deployed a novel backdoor, targeting Microsoft Exchange servers to steal credentials, and also exploited the Windows CVE-2024-30088 flaw to elevate their privileges on compromised devices.

Apart from the activity, Trend Micro has also made a connection between OilRig and FOX Kitten, another Iran-based APT group involved in ransomware attacks.
