Summary
An Iranian-linked cyber espionage group has targeted ministries in Oman with a sophisticated attack involving webshell deployment, SQL injection for privilege escalation, and data exfiltration. The campaign leverages both custom malware and open-source tools to achieve its objectives.
Key Points:
- Target: Ministries in Oman.
- Attack Vector: Initially through phishing emails containing malicious Office documents that exploit CVE-2017-8570 (MS17-010).
- Webshell Deployment: Once initial access is gained, webshells are deployed to maintain persistence and control over the compromised systems.
- SQL Injection: Used for privilege escalation within the target environment.
- Data Exfiltration: Stolen data includes sensitive information from various ministries.
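Two of the behaviours listed above, webshell use and SQL injection probing, leave recognisable traces in ordinary web-server access logs. The script below is an added example (not code from the summarised article or from the reporting vendor) that triages combined-format access log lines for both: URL-decoded query strings matching common injection probes, and POST requests to server-side script files sitting in directories that should only hold static uploads. The log lines, IP addresses, paths, directory list and regex patterns are all constructed for the example and are assumptions a defender would tune to their own environment.

```python
"""
Added example: triage web-server access logs for SQL injection probes and
webshell-style activity. Sample log lines, paths and thresholds are constructed
for this example and are not indicators from the summarised report.
"""
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed Apache/nginx "combined" format access log lines (documentation IPs, not real IoCs).
SAMPLE_LOG = """\
203.0.113.10 - - [01/Mar/2024:10:00:01 +0000] "GET /portal/news.aspx?id=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.10 - - [01/Mar/2024:10:00:05 +0000] "GET /portal/news.aspx?id=12'%20OR%201=1-- HTTP/1.1" 500 312 "-" "Mozilla/5.0"
203.0.113.10 - - [01/Mar/2024:10:00:09 +0000] "GET /portal/news.aspx?id=12%20UNION%20SELECT%20name%2Cpassword%20FROM%20users HTTP/1.1" 500 312 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Mar/2024:10:05:00 +0000] "POST /uploads/img/help.aspx HTTP/1.1" 200 88 "-" "python-requests/2.31"
198.51.100.7 - - [01/Mar/2024:10:05:03 +0000] "POST /uploads/img/help.aspx HTTP/1.1" 200 4410 "-" "python-requests/2.31"
192.0.2.44 - - [01/Mar/2024:10:07:00 +0000] "GET /portal/news.aspx?id=13 HTTP/1.1" 200 5100 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [time] "method path proto" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Patterns applied to the URL-decoded query string (assumption: a starting set, tuned per application).
SQLI_PATTERNS = [
    re.compile(r"'\s*or\s+1\s*=\s*1", re.I),            # classic tautology probe
    re.compile(r"\bunion\s+select\b", re.I),             # union-based extraction
    re.compile(r"--\s*$|/\*.*\*/"),                      # SQL comment used to cut off the query
    re.compile(r"\b(xp_cmdshell|information_schema|sleep\s*\()", re.I),
]

# Directories that should serve static content only (assumption); a script executing there is suspect.
UPLOAD_DIRS = ("/uploads/",)
SCRIPT_EXT = (".aspx", ".asp", ".php", ".jsp")


def parse_line(line):
    """Parse one combined-format access log line; return None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def is_sqli(path):
    """True if the URL-decoded query string matches a known injection probe pattern."""
    _, _, query = path.partition("?")
    decoded = unquote_plus(query)
    return any(p.search(decoded) for p in SQLI_PATTERNS)


def is_webshell_candidate(entry):
    """True for POST requests to server-side script files under upload-only directories."""
    path = entry["path"].partition("?")[0].lower()
    return (entry["method"] == "POST"
            and path.startswith(UPLOAD_DIRS)
            and path.endswith(SCRIPT_EXT))


def triage(log_text):
    """Return findings in log order; each is a dict with kind, ip, path and status."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        fields = {k: entry[k] for k in ("ip", "path", "status")}
        if is_sqli(entry["path"]):
            findings.append({"kind": "sqli", **fields})
        if is_webshell_candidate(entry):
            findings.append({"kind": "webshell", **fields})
    return findings


def by_source(findings):
    """Count findings per source IP and kind, to decide which host to investigate first."""
    counts = defaultdict(lambda: defaultdict(int))
    for f in findings:
        counts[f["ip"]][f["kind"]] += 1
    return {ip: dict(kinds) for ip, kinds in counts.items()}


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"[{f['kind']}] {f['ip']} {f['status']} {f['path']}")
    print(by_source(hits))
```

The webshell rule deliberately keys on where a script runs rather than on its name, since a dropped file is usually named to blend in; pairing the hit with the 500 responses that follow injection probes from the same source gives an analyst a ready-made ordering for investigation.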
Technical Details:
- Malware: Custom malware and open-source tools like Powercat, Mimikatz, and Empire are used.
- Infrastructure: The attackers use a mix of compromised servers and cloud services (e.g., Cloudflare) for command-and-control communications.
- Indicators of Compromise (IoCs): Specific IP addresses and domain names associated with the attack.
Recommendations:
- Organizations should enhance their phishing detection capabilities, regularly update
Read the full article at Cyber Security News