Palo Alto Networks

OilRig attacks

OilRig Deploys “ALMA Communicator” – DNS Tunneling Trojan

Unit 42 has been closely tracking the OilRig threat group since May 2016. One technique we’ve been tracking with this threat group is their use of the Clayslide delivery document as attachments to spear-phishing emails in attacks since May 2016. In our April 2017 posting OilRig Actors Provide a Glimpse into Development and Testing Efforts we showed how we observed the OilRig threat group developing and refining these Clayside delivery documents....

Unit 42

Nov 08, 2017

By Robert Falcone

Palo Alto Networks

Products and Services

Partners

Unit 42

OilRig Uses ISMDoor Variant; Possibly Linked to Greenbug Threat Group

Unit 42 has discovered activity involving threat actors responsible for the OilRig campaign with a potential link to a threat group known as GreenBug. Symantec first reported on th...

Jul 27, 2017

By Robert Falcone and Bryan Lee

Unit 42

OilRig Actors Provide a Glimpse into Development and Testing Efforts

Throughout an attack campaign, actors will continue to develop their tools in an attempt to remain undetected and to carry out multiple attacks without having to completely retool....

Apr 27, 2017

By Robert Falcone

Unit 42

OilRig Malware Campaign Updates Toolset and Expands Targets

Since our first published analysis of the OilRig campaign in May 2016 , we have continued to monitor this group for new activity. In recent weeks we've discovered that the group ha...

Oct 04, 2016

By Josh Grunzweig and Robert Falcone

Financial Services, Malware, Threat Prevention, Unit 42

The OilRig Campaign: Attacks on Saudi Arabian Organizations Deliver Helmint...

In May 2016, Unit 42 observed targeted attacks primarily focused on financial institutions and technology organizations within Saudi Arabia. Artifacts...

May 26, 2016

By Robert Falcone and Bryan Lee

Load more blogs