In a recent cyber espionage operation, suspected Iranian hackers infected their targets with the newly discovered Menorah malware, according to a report released on Friday.
APT34, also known as OilRig, Cobalt Gypsy, IRN2, and Helix Kitten, is believed to operate out of Iran. Since at least 2014 it has targeted Middle Eastern nations, concentrating on government institutions and on companies in the finance, oil, chemical, and telecommunications sectors.
Researchers from Trend Micro report that in August the group used a series of phishing emails to infect targets believed to be based in Saudi Arabia with the Menorah malware.
The malware is built for cyber espionage: it can download files onto the infected host, execute shell commands, and upload selected files from the compromised machine.
The new malware is said to resemble SideTwist, a backdoor the group has used previously, but the new variant is more complex and harder to detect.
“APT34 is in continuous-development mode, changing up and trying which routines and techniques will work,” the researchers explained.
During the investigation Trend Micro recovered only a small amount of data about the victims APT34 targeted. The phishing emails impersonated the Seychelles Licensing Authority, using a fake file registration form as the lure.
Because that document listed prices in Saudi Arabian currency, the investigators concluded that the intended victim was probably based in Saudi Arabia.
APT34 has a history of prominent cyberattacks on targets across the Middle East. Last year it used the Saitama backdoor against an official in Jordan's foreign ministry, and in 2021 it attacked a number of Middle Eastern banks.
“This group operates with a high degree of sophistication and seemingly vast resources, posing a significant cybersecurity challenge regionally and beyond,” the researchers added. "Organisations should regularly alert their staff to the numerous techniques that attackers use to target systems, confidential information, and personal information."