Advanced Cyberattacks Against UAE and Gulf Regions

Earth Simnavaz, also known as APT34 and OilRig, has been actively targeting governmental entities in the UAE and the wider Gulf region. The group employs sophisticated tactics, including a backdoor that exploits Microsoft Exchange servers for credential theft and the use of CVE-2024-30088 for privilege escalation. Its arsenal includes customized .NET tools, PowerShell scripts, and IIS-based malware designed to blend in with normal network traffic. The attackers focus on exploiting vulnerabilities in the key infrastructure of geopolitically sensitive areas, aiming to establish persistent footholds in compromised entities for potential future attacks. Recent activity shows an escalation in cyber espionage efforts, particularly against critical sectors in the UAE, highlighting the ongoing threat that state-sponsored actors pose to national security and economic stability.

Author: AlienVault

Related Tags: gulf region, cve-2024-30088, iis malware, STEALHOOK, T1547.008, T1021.006, privilege escalation, Microsoft Exchange, cyber espionage

Associated Indicators: