New Menorah malware bolsters OilRig APT’s cyberespionage efforts

Iranian advanced persistent threat operation OilRig, also known as APT34, Helix Kitten, Hazel Sandstorm, and Cobalt Gypsy, had its cyberespionage arsenal strengthened with the novel Menorah malware deployed in a spear-phishing campaign, which included a Saudi Arabia-based organization as one of its targets, reports The Hacker News. Attacks commenced with the delivery of a lure document that enabled persistence and the deployment of the Menorah executable that builds remote server communications, a report from Trend Micro revealed. Menorah, which was discovered to be based on OilRig's original SideTwist malware, was found to feature not only targeted host fingerprinting and directory and file listing capabilities, but also compromised system file uploading, shell command execution, and file downloading features. "Typical of APT groups, APT34 demonstrates their vast resources and varied skills, and will likely persist in customizing routines and social engineering techniques to use per targeted organization to ensure success in intrusions, stealth, and cyberespionage," said researchers.