Group: OilRig, CHRYSENE, ...

From attackics
Jump to navigation Jump to search
OilRig, CHRYSENE, ...
Group
ID G0010
Associated Groups OilRig, CHRYSENE, Greenbug, APT 34
External Contributors Dragos Threat Intelligence

OilRig is a suspected Iranian threat group that has targeted the financial, government, energy, chemical, and telecommunication sectors as well as petrochemical, oil & gas.123 OilRig has been observed operating in Iraq, Pakistan, Israel, and the UK, and has been linked to the Shamoon attacks in 2012 on Saudi Aramco.

Associated Group Descriptions

  • OilRig - 4
  • CHRYSENE - 3
  • Greenbug - 3
  • APT 34 - 1

Techniques Used

  • Scripting - OilRig has embedded a macro within spearphishing attachments that has been made up of both a VBScript and a PowerShell script.5
  • Drive-by Compromise - OilRig has been seen utilizing watering hole attacks to collect credentials which could be used to gain access into ICS networks.6