216.73.216.36

OilRig

· Published 16/12/2025 19:39 · Modified 27/03/2026 01:13 · Source: The MITRE Corporation

Essential information

Confidence
100/100
Published
16/12/2025 19:39
Modified
27/03/2026 01:13
Updated at
27/03/2026 01:13
Revoked
No
Author / Source
The MITRE Corporation
Resource level
Primary motivation
Related entities
1 reports, 134 attack patterns (mitre), 30 malware, 11 sectors, 13 countries, 100 indicators, 1 vulnerabilities (cve), 11 tool

Aliases

COBALT GYPSY IRN2 Helix Kitten Evasive Serpens Hazel Sandstorm EUROPIUM ITG13 TA452 Crambus Earth Simnavaz APT34

Description

[OilRig](https://attack.mitre.org/groups/G0049) is a suspected Iranian threat group that has targeted Middle Eastern and international victims since at least 2014. The group has targeted a variety of sectors, including financial, government, energy, chemical, and telecommunications. It appears the group carries out supply chain attacks, leveraging the trust relationship between organizations to attack their primary targets. The group works on behalf of the Iranian government based on infrastructure details that contain references to Iran, use of Iranian infrastructure, and targeting that aligns with nation-state interests.(Citation: FireEye APT34 Dec 2017)(Citation: Palo Alto OilRig April 2017)(Citation: ClearSky OilRig Jan 2017)(Citation: Palo Alto OilRig May 2016)(Citation: Palo Alto OilRig Oct 2016)(Citation: Unit42 OilRig Playbook 2023)(Citation: Unit 42 QUADAGENT July 2018)

Marking (TLP)

TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references

Related entities

Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.