Advanced Cyberattacks Against UAE and Gulf Regions

NetmanageIT OpenCTI - opencti.netmanageit.com



SUMMARY:

Earth Simnavaz, also known as APT34 and OilRig, has been actively targeting governmental entities in the UAE and Gulf region. The group employs sophisticated tactics, including a backdoor that exploits Microsoft Exchange servers for credential theft and the use of CVE-2024-30088 for privilege escalation. Their arsenal includes customized .NET tools, PowerShell scripts, and IIS-based malware designed to blend with normal network traffic. The attackers focus on exploiting vulnerabilities in key infrastructure of geopolitically sensitive areas, aiming to establish persistent footholds in compromised entities for potential future attacks. Recent activities show an escalation in cyber espionage efforts, particularly against critical sectors in the UAE, highlighting the ongoing threat posed by state-sponsored actors to national security and economic stability.

OPENCTI LABELS:

credential theft, cyber espionage, oilrig, microsoft exchange, privilege escalation, stealhook, iis malware, cve-2024-30088, gulf region, apt34, uae

