The world is now used to listening to cyber attacks and espionage. World powers have started to use cybercriminals for their benefit, with the motive of strengthening their strategies by gaining insights into the military and plans of their rivalries. Researchers also believe that certain cybercriminal groups work only for specific countries, fulfilling their demands. Although one of the major motives of these cybercriminals is financial gain and profit, government protection and personal interests in defaming certain sections of society are the other advantages for them. The latest reports suggest that along with the existing cyber attacks and crimes, a new attack has been spotted against the United Arab Emirates by Iranian threat actors.
According to available information, the Iranian cyberespionage group popularly known as APT34 has initiated attacks against the governmental agencies of the United Arab Emirates. This group, also known as Earth Simnavaz and OilRig has been identified to have worked interlinked with the Iranian Ministry of Intelligence and Security in the past. Over the years, the attacks and strategies of APT34 have been more sophisticated with personal and custom malware for each industry. To date, this group has targeted high-value targets across the Middle East spreading to different industries including oil and gas, telecommunications, chemicals, critical infrastructure, and governmental agencies. APT34 has also developed the ability to escape the attention of the officials.
Trend Micro has confirmed that the new threats by APT34 espionage are set in a new backdoor, StealHook. Here, they make use of Microsoft Exchange services to gain access to user credentials. In the latest attack on UAE, this group employed web shells. They allow hackers to insert PowerShell code into less secure websites allowing them to download and upload required files and data. One such software was identified to be ngrok, a reverse proxy software that creates a tunnel between local machines and the internet. APT34 weaponized this software to gain control of governmental data and information.
The researchers also added that the group is popular for using compromised organizations to initiate supply chain attacks on their targets. They also said that the credentials, passwords, personal information, and other details collected by APT34 can be used to start new attacks and crimes through phishing on government organizations. The research found that the Windows CVE-2024-30088 flaw was also used by this group to gain privilege over their targeted governments. According to the researchers, this attitude exhibits the attitude of the group in exploiting vulnerabilities to enhance their crimes by making them more sophisticated.
Trend Micro’s cyber threat intelligence researcher, Mohamed Fahmy said that the threats over UAE and other regions still exist. He noted that the strategies and techniques used by APT34 are difficult to detect making it more convenient for them to evade the clutches of the authorities. Fahmy said that his group has noted that APT34 continues using the acquired servers to initiate further attacks on related organizations, creating a trust relationship with the infected organizations. Furthermore, he adds that as the governmental organizations are closely related to one another, such attacks can lead to serious concerns and problems. So, researchers warn such organizations in the UAE to consider these threats seriously and enhance their security and defense mechanisms.
Also Read: Mobile Security Alert: Over 200 Malicious Apps Found On Play Store