
Oil ‘slick’: Sneaky OilRig malware campaign flows into new territory

A backdoor malware campaign dubbed OilRig that in May was discovered targeting organizations in Saudi Arabia is now trying to drill into government entities in Turkey, Israel and the U.S., as well as Qatari companies and organizations.

Palo Alto Networks' Unit 42 threat research team detailed the campaign's latest spear-phishing efforts in a blog post yesterday, warning that the attackers have updated their “Helminth” backdoor software as well as the malicious Excel documents that distribute the malware via macros.

According to the blog post, the phishing emails targeting Qatari organizations “were very specific to the organization receiving them and in some cases were sent from partner organizations that already had a relationship with the recipient.”

Changes to the malware over the last five months include the emergence of four distinct variants, each of which drops files with different filenames upon execution, Palo Alto continued in its report.

Bradley Barth
