Iranian Threat Agent OilRig targeted Multiple Organizations in Israel

Among the targeted organizations were at least five Israeli IT vendors, several financial institutes, and the Israeli Post Office

Photo: Bigstock

Iranian threat agent OilRig has been targeting multiple organizations in Israel and other countries in the Middle East since the end of 2015, according to a Clear Sky report. In recent attacks, they set up a fake VPN Web Portal and targeted at least five Israeli IT vendors, several financial institutes, and the Israeli Post Office.

Later, the attackers set up two fake websites pretending to be a University of Oxford conference sign-up page and a job application website. In these websites, they hosted malware that was digitally signed with a valid, likely stolen code signing certificate

Based on VirusTotal uploads, malicious documents content, and known victims – other targeted organizations are located in Turkey, Qatar, Kuwait, United Arab Emirates, Saudi Arabia, and Lebanon.

Infrastructure Overlap with Cadelle and Chafer

In December 2015, Symantec published a post about “two Iran-based attack groups that appear to be connected, Cadelle and Chafer” that “have been using Backdoor.Cadelspy and Backdoor.Remexi to spy on Iranian individuals and Middle Eastern organizations."

Backdoor.Remexi, one of the malware in use by Chafer, had the following command and control host:


Interestingly, IP address, which serve as a command and control address for an OilRig related sample (3a5fcba80c1fd685c4b5085d9d474118), was pointed to by 87pqxz159.dockerjsbin[.]com as well.

This suggest that the two groups may actually be the same entity, or that they share resources in one way or another.


For the complete report, visit the Clear Sky blog.


Add new comment

בשליחת תגובה אני מסכים/ה לתנאי האתר
To prevent automated spam submissions leave this field empty.

You might be interested also

 (from left to right: Park Ki-Sung, VP of HC, Moon Chang-mo, COO of JV, Byun Mu-geon, former commissioner of DAPA, Moon-Soo Cho, CEO of HC, Joseph Weiss, IAI President and CEO, Shaul Shahar, IAI EVP and General Manager of IAI's Military Aircraft Group, Eyal Calif- Director Asia, Africa & Pacific- Israel MOD – SIBAT, Professor Cho Jin-su, Hanyang University, Shuki Rynski, Tactical UAV VTOL Program   Manager.  Photo: IAI

IAI and Hankuk Carbon Enter Joint Company Agreement

The new joint company, which was named Korea Aviation Technologies (KAT), will focus on development and manufacturing of unmanned aerial vehicles (UAVs) with vertical takeoff and landing (VTOL) capability that will target the military and civilian Korean market