Threat Intelligence

Israeli orgs targeted by new OilRig malware downloaders

Israeli organizations previously compromised by the Iranian advanced persistent threat operation OilRig, also known as APT34, including a local government entity, a manufacturing firm, and healthcare organizations, have been targeted anew by the group with the novel ODAgent, OilBooster, and OilCheck malware downloaders, according to The Record, a news site by cybersecurity firm Recorded Future. OilRig also deployed the SampleCheck5000 downloader, an updated version of a previously used malware downloading tool, against the targeted organizations, a report from ESET revealed. Moreover, the malicious activity has been concealed by conducting command-and-control communications via popular cloud service providers. While details regarding the success of the intrusions remain unclear, the findings indicate the persistence of OilRig in its attacks, researchers said. "The continuous development and testing of new variants, experimentation with various cloud services and different programming languages, and the dedication to re-compromise the same targets over and over again, make OilRig a group to watch out for," noted ESET researcher Zuzana Hromcova.
