Unveiling the Tools and Techniques of APT34
Essential information
- Published
- 31/12/2024 16:19
- Modified
- 31/12/2024 16:27
- Tags
- 2024-12-31 CVE-2024-30088 apt34 helix kitten quadagent stealhook
- Related entities
- 1 vulnerability (CVE), 5 observables, 1 intrusion set (APT), 18 techniques (MITRE), 3 malware, 8 others
Description
OilRig, also known as APT34 and Helix Kitten, is a sophisticated state-sponsored threat actor believed to be aligned with Iranian interests. Active since 2016, the group primarily targets organizations in the Middle East, focusing on the government, technology, and energy sectors. OilRig employs advanced tactics including spearphishing, custom malware such as Helminth and QUADAGENT, and exploitation of zero-day vulnerabilities. The group's operations show its ability to adapt to a changing security landscape, using obfuscation techniques and scripting languages to evade detection. Recent campaigns have demonstrated OilRig's proficiency in exploiting critical vulnerabilities and harvesting credentials, underscoring the persistent threat it poses to targeted organizations.