OilRig
G00491 reportsAnalyst assessment — key judgments
- Signature techniques: T1588.006 (Vulnerabilities), T1069.001 (Local Groups), T1589.001 (Credentials).
- Primary targeting: IL, IR, US.
- Newly emerged: 1 report(s) in last 30d vs 0 prior (+100%).
- Recent movement: 5 new technique(s), 26 new infrastructure indicator(s) in the last 30 days.
- Hunt coverage 80% of 5 observed techniques (1 gap(s)).
- Assessment confidence: medium (60).
Activity & trend
Movement — last 30 days
Overview
OilRig is a suspected Iranian threat group that has targeted Middle Eastern and international victims since at least 2014. The group has targeted a variety of sectors, including financial, government, energy, chemical, and telecommunications. It appears the group carries out supply chain attacks, leveraging the trust relationship between organizations to attack their primary targets. The group works on behalf of the Iranian government based on infrastructure details that contain references to Iran, use of Iranian infrastructure, and targeting that aligns with nation-state interests.(Citation: FireEye APT34 Dec 2017)(Citation: Palo Alto OilRig April 2017)(Citation: ClearSky OilRig Jan 2017)(Citation: Palo Alto OilRig May 2016)(Citation: Palo Alto OilRig Oct 2016)(Citation: Unit42 OilRig Playbook 2023)(Citation: Unit 42 QUADAGENT July 2018)
ATT&CK technique matrix
- T1588.006 · Vulnerabilitiesconf 601
- T1069.001 · Local Groupsconf 601
- T1589.001 · Credentialsconf 601
- T1027.003 · Steganographyconf 601
- T1001.002 · Steganographyconf 601
Threat catalogue · engineering roadmap
Uncovered techniques you flagged for hunt / detection build-out, aggregated across every actor you visit. Stored locally in your browser.
Infrastructure
Relationships
Activity
| Title | Source | Severity | Collected |
|---|