Iranian APT 'BladedFeline' Hides in Network for 8 Years
ESET published research on the Iranian APT "BladedFeline," which researchers believe is a subgroup of the cyber-espionage entity APT34.
APT34 is a threat group linked to Iran and associated with malware, credential theft, and cyberespionage against organizations.
Search across headline titles and summaries.
Background for this topic.
APT34 is a cyber espionage group linked to Iranian state interests, primarily targeting organizations across the Middle East. They focus on sectors such as energy, telecommunications, financial services, and government entities. Their attacks often begin with spear-phishing emails containing malicious attachments or links, leading to credential theft, network reconnaissance, and deployment of custom malware to maintain persistent access.
Security teams should watch for phishing campaigns tailored to regional or industry-specific contexts and monitor for unusual authentication patterns or lateral movement within networks. Defenses include enforcing multi-factor authentication, promptly patching vulnerabilities, and using threat intelligence to identify APT34’s known malware signatures and command-and-control infrastructure. Understanding their targeting helps organizations prioritize protections around critical infrastructure and sensitive data in high-risk regions.
Weekly headline count for the current query.
ESET published research on the Iranian APT "BladedFeline," which researchers believe is a subgroup of the cyber-espionage entity APT34.
The Islamic Republic is keeping its enemies close and its friends closer, with espionage attacks aimed at nearby neighbors.
A MOIS-aligned threat group has been using Microsoft Exchange servers to exfiltrate sensitive data from Gulf-state government agencies.
The Iranian state-sponsored hacking group APT34, aka OilRig, has recently escalated its activities with new campaigns targeting government and critical infrastructure entities in the United Arab Emirates and the Gulf region. [...]
The Iranian threat actor known as OilRig has been observed exploiting a now-patched privilege escalation flaw impacting the Windows Kernel as part of a cyber espionage campaign targeting the U.A.E. and the broader Gulf region
Trend Micro's investigation into the recent activity of Earth Simnavaz provides new insights into the APT group’s evolving tactics and the immediate threat it poses to sectors in the Middle East.
Increasing attacks by the OilRig/APT34 group linked to Iran's Ministry of Intelligence and Security show that the nation's capabilities are growing, and targeting regional allies and enemies alike.
Iraqi government networks have emerged as the target of an "elaborate" cyber attack campaign orchestrated by an Iran state-sponsored threat actor called OilRig
The prolific APT repeatedly compromised targets in healthcare, manufacturing, and government with new lightweight downloaders that blend into network traffic for evasion.
The Iranian state-sponsored threat actor known as OilRig deployed three different downloader malware throughout 2022 to maintain persistent access to victim organizations located in Israel
The Iranian hacking group tracked as MuddyWater (aka APT34 or OilRig) breached at least twelve computers belonging to a Middle Eastern government network and maintained access for eight months between February and September 2023. [...]
The state-sponsored threat actors (aka APT34, Crambus, Helix Kitten, or OilRig) spent months seemingly taking whatever government data they wished, using never-before-seen tools.
The Iran-linked OilRig threat actor targeted an unnamed Middle East government between February and September 2023 as part of an eight-month-long campaign
The Menorah malware can upload and download files, as well as execute shell commands.
Sophisticated cyber actors backed by Iran known as OilRig have been linked to a spear-phishing campaign that infects victims with a new strain of malware called Menorah
We observed and tracked the advanced persistent threat (APT) APT34 group with a new malware variant accompanying a phishing attack comparatively similar to the SideTwist backdoor malware. Following the campaign, the group abused a fake license registration form of an African government agency to target a victim in Saudi Arabia.
Israeli organizations were targeted as part of two different campaigns orchestrated by the Iranian nation-state actor known as OilRig in 2021 and 2022
The Iranian threat actor tracked as APT34 has been linked to a new phishing attack that leads to the deployment of a variant of a backdoor called SideTwist
The prolific APT, also known as OilRig and MuddyWater, was caught targeting an IT company's government clients in the region, with the aim of carrying out cyber espionage.
A new PowerShell-based malware dubbed PowerExchange was used in attacks linked to APT34 Iranian state hackers to backdoor on-premise Microsoft Exchange servers. [...]