Iranian State-Sponsored OilRig Group Deploys 3 New Malware Downloaders

Throughout 2022, the Iranian state-sponsored threat actor known as OilRig deployed three distinct malware downloaders in an effort to keep Israeli victim organizations under constant attack.

The Slovak cybersecurity company ESET has named the three new downloaders OilBooster, OilCheck, and ODAgent. An upgraded version of the well-known OilRig downloader SampleCheck5000 (also known as SC5k) was also used in the attacks.

Security researchers Zuzana Hromcová and Adam Burgher stated in a report shared with The Hacker News that “these lightweight downloaders […] are notable for using one of several legitimate cloud service APIs for [command-and-control] communication and data exfiltration: the Microsoft Graph OneDrive or Outlook APIs
