  • Iranian hackers use new backdoor to spy on Middle Eastern governments


    Previously unseen malware abuses government mail servers to exfiltrate stolen data.

    Researchers at Trend Micro say the Iranian APT group OilRig (also tracked as APT34, Cobalt Gypsy, Europium and Helix Kitten) continues to target government organizations in the Middle East in a cyber-espionage campaign that uses a new backdoor to steal data.

    The campaign uses legitimate but compromised email accounts to send the stolen data to external email accounts controlled by the attackers.

    The exfiltration is handled by a .NET-based backdoor whose first stage delivers four files, including the main implant ("DevicesSrv.exe"), which is responsible for exfiltrating specific files.

    The second stage is a DLL that harvests the credentials of domain users and local profiles.

    The most notable aspect of the backdoor is its exfiltration routine: it uses the stolen credentials to send emails to attacker-controlled Gmail and Proton Mail addresses, routing them through the victim government's own Exchange servers from compromised legitimate accounts. Because the messages originate from real mailboxes on the organization's own mail infrastructure, they blend in with normal outbound traffic and bypass controls that only watch for unfamiliar command-and-control hosts.
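    The practical consequence of that routing is that the evidence lives in the mail server's own message-tracking logs rather than in network telemetry. The following hunt script is an added example written for this page, not code from Trend Micro, the page's author or the campaign itself. It parses a constructed sample in a trimmed-down version of the Exchange message-tracking-log CSV layout (the column names are real MessageTracking fields, but the column set, the internal domain `gov.example`, the sender and recipient addresses, the extra Proton Mail aliases and the alert thresholds are all assumptions) and flags internal mailboxes that relay messages to consumer webmail domains, aggregating message count, bytes and distinct recipients per sender so that a single personal Gmail message is not reported while a burst of large attachments to drop mailboxes is.

```python
"""Hunt for mailbox-based exfiltration to consumer webmail addresses.

Flags internal accounts that relay messages through the organization's own
Exchange servers to Gmail / Proton Mail, the pattern described in the article.
The log below is a constructed sample in a reduced version of the Exchange
message-tracking-log CSV layout (column names are real MessageTracking fields;
the column set is trimmed for the example).
"""
import csv
from collections import defaultdict
from io import StringIO

# Gmail and Proton Mail were the exfiltration mailboxes reported in the article;
# googlemail.com, proton.me and pm.me are extra aliases of those providers
# added here as an assumption.
WEBMAIL_DOMAINS = {"gmail.com", "googlemail.com", "protonmail.com", "proton.me", "pm.me"}

# Constructed sample log, not real data. 'gov.example' is an assumed internal domain.
SAMPLE_LOG = """\
date-time,event-id,source,sender-address,recipient-address,total-bytes,message-subject,directionality
2023-02-01T08:01:12Z,DELIVER,STOREDRIVER,alice@gov.example,bob@gov.example,4120,Weekly report,Originating
2023-02-01T08:03:40Z,SEND,SMTP,alice@gov.example,vendor@partner.example,9811,Invoice,Originating
2023-02-01T08:05:02Z,SEND,SMTP,svc-printer@gov.example,drop01@gmail.com,1048576,Document,Originating
2023-02-01T08:05:44Z,SEND,SMTP,svc-printer@gov.example,drop01@gmail.com,1048576,Document,Originating
2023-02-01T08:06:10Z,SEND,SMTP,svc-printer@gov.example,drop02@protonmail.com,524288,Document,Originating
2023-02-01T08:07:33Z,RECEIVE,SMTP,news@gmail.com,alice@gov.example,2200,Newsletter,Incoming
2023-02-01T09:15:00Z,SEND,SMTP,carol@gov.example,friend@gmail.com,3100,Lunch?,Originating
"""


def parse_log(text):
    """Parse message-tracking CSV text into a list of row dicts."""
    return list(csv.DictReader(StringIO(text)))


def domain_of(address):
    return address.rsplit("@", 1)[-1].lower()


def is_webmail_send(row, internal_domain):
    """True for an outbound SEND from an internal mailbox to a webmail domain."""
    return (
        row["event-id"] == "SEND"
        and row["directionality"] == "Originating"  # message was generated inside the org
        and domain_of(row["sender-address"]) == internal_domain
        and domain_of(row["recipient-address"]) in WEBMAIL_DOMAINS
    )


def summarise_by_sender(rows, internal_domain):
    """Aggregate matching sends per internal sender: count, bytes, distinct recipients."""
    stats = defaultdict(lambda: {"messages": 0, "bytes": 0, "recipients": set()})
    for row in rows:
        if is_webmail_send(row, internal_domain):
            entry = stats[row["sender-address"].lower()]
            entry["messages"] += 1
            entry["bytes"] += int(row["total-bytes"])
            entry["recipients"].add(row["recipient-address"].lower())
    return dict(stats)


def score_sender(summary, min_messages=2, min_bytes=256 * 1024, min_recipients=2):
    """Return the reasons a sender looks like an exfiltration channel.

    An empty list means the activity stayed under every threshold (for example a
    single small personal mail). The thresholds are assumptions to tune per site.
    """
    reasons = []
    if summary["messages"] >= min_messages:
        reasons.append(f"{summary['messages']} messages to webmail")
    if summary["bytes"] >= min_bytes:
        reasons.append(f"{summary['bytes']} bytes sent to webmail")
    if len(summary["recipients"]) >= min_recipients:
        reasons.append(f"{len(summary['recipients'])} distinct webmail recipients")
    return reasons


def find_suspects(log_text, internal_domain, **thresholds):
    """Map each suspicious internal sender to the reasons it was flagged."""
    suspects = {}
    stats = summarise_by_sender(parse_log(log_text), internal_domain)
    for sender, summary in stats.items():
        reasons = score_sender(summary, **thresholds)
        if reasons:
            suspects[sender] = reasons
    return suspects


if __name__ == "__main__":
    for sender, reasons in find_suspects(SAMPLE_LOG, "gov.example").items():
        print(sender, "->", "; ".join(reasons))
```

    On a real Exchange deployment the same rows come from the message-tracking logs (for example via Get-MessageTrackingLog, exported to CSV); the point of aggregating per sender rather than alerting on every row is that a service or printer account sending repeated large "Document" messages to a webmail drop box is the signal, while one small personal message from a user is noise.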

    The researchers attribute the campaign to APT34 based on the similarity between the first-stage droppers and the Saitama backdoor, the victimology, and the use of Internet-facing Exchange servers as a communication channel, as previously observed with the Karkoff malware.

    Despite the simplicity of the routine, the novelty of the second and final stage suggests that the whole procedure may be only a small part of a larger campaign against governments, the researchers said.

    Author DeepWeb