
Iranian State-Sponsored OilRig Group Deploys 3 New Malware Downloaders

The Iranian state-sponsored threat actor known as OilRig deployed three different downloaders throughout 2022 to maintain persistent access to victim organizations located in Israel. The three new downloaders have been named ODAgent, OilCheck, and OilBooster by Slovak cybersecurity company ESET. The attacks also involved the use of an updated version of a known OilRig downloader dubbed SampleCheck5000 (or SC5k).

"These lightweight downloaders […] are notable for using one of several legitimate cloud service APIs for [command-and-control] communication and data exfiltration: the Microsoft Graph OneDrive or Outlook APIs, and the Microsoft Office Exchange Web Services (EWS) API," security researchers Zuzana Hromcová and Adam Burgher said in a report shared with The Hacker News.

By routing command-and-control communication through well-known cloud service providers, the group aims to blend in with authentic network traffic and conceal its attack infrastructure.

Some of the targets of the campaign include an organization in the healthcare sector, a manufacturing company, and a local governmental organization, among others. All the victims are said to have been previously targeted by the threat actor.
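The downloaders described above hide command-and-control traffic inside calls to legitimate Microsoft APIs, so destination-based blocking does little. As an added example that is not part of the original article or of ESET's research, the Python script below shows two detection heuristics a defender can run over endpoint or proxy telemetry: flagging processes outside an assumed allowlist that reach the Microsoft Graph or EWS endpoints, and flagging request timing that is too regular for a human-driven client. The log format, the `EXPECTED_CLIENTS` allowlist, the process names (including `updater.exe`), timestamps and hostnames of workstations are constructed assumptions, not indicators from the report; only the API hostnames and URL paths are real Microsoft endpoints.

```python
"""Detection heuristics for C2 hidden in legitimate Microsoft cloud API traffic.

Added example; the telemetry below is constructed, not real data.
"""
import statistics
from collections import defaultdict
from datetime import datetime, timezone

# Real API hostnames for Microsoft Graph (OneDrive/Outlook) and EWS.
CLOUD_API_HOSTS = {"graph.microsoft.com", "outlook.office365.com"}

# Assumed baseline of processes expected to reach these APIs on a workstation.
# This allowlist is a constructed assumption; derive the real one from your own telemetry.
EXPECTED_CLIENTS = {"outlook.exe", "onedrive.exe", "teams.exe", "msedge.exe", "chrome.exe"}

# Constructed sample telemetry: timestamp|host|process|dest_host|path.
# "updater.exe" is a made-up process name used to stand in for an unknown client.
SAMPLE_LOGS = """\
2022-06-01T09:00:12Z|ws-001|outlook.exe|outlook.office365.com|/EWS/Exchange.asmx
2022-06-01T09:03:47Z|ws-001|outlook.exe|outlook.office365.com|/EWS/Exchange.asmx
2022-06-01T09:17:05Z|ws-001|onedrive.exe|graph.microsoft.com|/v1.0/me/drive/root/children
2022-06-01T09:00:00Z|ws-042|updater.exe|graph.microsoft.com|/v1.0/me/drive/root/children
2022-06-01T09:10:00Z|ws-042|updater.exe|graph.microsoft.com|/v1.0/me/drive/root/children
2022-06-01T09:20:00Z|ws-042|updater.exe|graph.microsoft.com|/v1.0/me/drive/root/children
2022-06-01T09:30:00Z|ws-042|updater.exe|graph.microsoft.com|/v1.0/me/drive/root/children
2022-06-01T09:40:00Z|ws-042|updater.exe|graph.microsoft.com|/v1.0/me/drive/root/children
2022-06-01T09:05:00Z|ws-017|msedge.exe|graph.microsoft.com|/v1.0/me/messages
2022-06-01T09:05:00Z|ws-017|msedge.exe|www.example.com|/index.html
"""


def parse_line(line):
    """Split one pipe-separated record into a dict with a timezone-aware timestamp."""
    ts, host, process, dest, path = line.strip().split("|")
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
        "host": host,
        "process": process.lower(),
        "dest": dest.lower(),
        "path": path,
    }


def parse_logs(text):
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def cloud_api_records(records):
    """Keep only requests to the Graph/EWS endpoints the downloaders abuse."""
    return [r for r in records if r["dest"] in CLOUD_API_HOSTS]


def unexpected_clients(records):
    """Return sorted (host, process) pairs outside the allowlist that reach the cloud APIs."""
    return sorted({(r["host"], r["process"]) for r in cloud_api_records(records)
                   if r["process"] not in EXPECTED_CLIENTS})


def beaconing_sessions(records, min_requests=4, max_cv=0.15):
    """Flag (host, process, dest, mean_interval_s) tuples with suspiciously regular timing.

    A coefficient of variation (stdev / mean) of the inter-request intervals at or below
    max_cv, over at least min_requests requests, looks like a scheduled poll loop
    rather than interactive use of the API.
    """
    by_key = defaultdict(list)
    for r in cloud_api_records(records):
        by_key[(r["host"], r["process"], r["dest"])].append(r["ts"])
    hits = []
    for key, stamps in by_key.items():
        if len(stamps) < min_requests:
            continue
        stamps.sort()
        intervals = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(intervals)
        if mean <= 0:
            continue
        if statistics.pstdev(intervals) / mean <= max_cv:
            hits.append((*key, round(mean)))
    return sorted(hits)


def analyze(text):
    """Run both heuristics over raw log text and return the alerts."""
    records = parse_logs(text)
    return {
        "unexpected_clients": unexpected_clients(records),
        "beaconing": beaconing_sessions(records),
    }


if __name__ == "__main__":
    for name, alerts in analyze(SAMPLE_LOGS).items():
        print(name)
        for alert in alerts:
            print("  ", alert)
```

On the constructed sample, the allowlist check flags `updater.exe` on `ws-042`, and the timing check flags the same process for polling OneDrive every 600 seconds; `outlook.exe` and `onedrive.exe` on `ws-001` pass both checks. Neither heuristic is conclusive on its own: a legitimate sync client can poll on a schedule, and a renamed browser can fall outside the allowlist, so the two signals are best combined with the volume and direction of data transferred.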
