by SAVIOUS KWINIKA
JOHANNESBURG – RESEARCHERS have discovered a series of attacks using new malware attributed to the OilRig Advanced Persistent Threat (APT) group, which has been active in the Middle East and Turkiye for over a decade.
The group is known for targeting high-profile government entities across Africa, the Middle East and Turkiye for cyber espionage purposes.
Kaspersky researchers announced the discovery.
OilRig commonly relies on social engineering and on exploiting software vulnerabilities in its victims' environments.
However, Kaspersky experts noticed the group has updated its arsenal, resorting to more persistent and stealthier ways of reaching its targets: compromising the third-party IT companies that service them.
The group executed PowerShell scripts on terminal servers at IT companies in the region to collect credentials and sensitive data about those companies' customers, its actual targets.
The group is said to have used the stolen information to infiltrate those targets and deploy malware that relied on Microsoft Exchange Web Services (EWS) for command-and-control (C2) communications and for stealing data, so that its traffic blends in with the organisation's legitimate mail traffic.
The investigated malware appeared to be a variant of older malware used by the same threat actor.
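C2 over EWS leaves its traces in the Exchange front-end (IIS) logs rather than in firewall logs, which is where a defender would hunt for it. The script below is an added example and is not code from this article, from Kaspersky or from the malware it describes. It parses a constructed IIS W3C log excerpt, groups POST requests to /EWS/Exchange.asmx by client IP and mailbox user, and flags sessions whose user agent is not on an illustrative allow-list of known mail clients, or whose request cadence is regular enough to look like a beacon. The log lines, the allow-list and the thresholds are all assumptions chosen for illustration.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed IIS W3C log excerpt for illustration; not real traffic. IIS encodes
# spaces inside the User-Agent as '+', so each field is a single whitespace-free token.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username cs-method cs-uri-stem cs(User-Agent) sc-status
2024-01-10 09:00:01 10.0.5.21 CORP\\alice POST /EWS/Exchange.asmx Microsoft+Office/16.0+(Windows+NT+10.0;+Microsoft+Outlook+16.0.17029) 200
2024-01-10 09:00:04 10.0.5.21 CORP\\alice POST /EWS/Exchange.asmx Microsoft+Office/16.0+(Windows+NT+10.0;+Microsoft+Outlook+16.0.17029) 200
2024-01-10 09:02:31 10.0.5.21 CORP\\alice POST /EWS/Exchange.asmx Microsoft+Office/16.0+(Windows+NT+10.0;+Microsoft+Outlook+16.0.17029) 200
2024-01-10 09:17:55 10.0.5.21 CORP\\alice GET /owa/ Mozilla/5.0+(Windows+NT+10.0)+Chrome/120.0 200
2024-01-10 09:00:00 10.0.9.77 CORP\\jdoe POST /EWS/Exchange.asmx ExchangeServicesClient/15.00.0913.015 200
2024-01-10 09:05:00 10.0.9.77 CORP\\jdoe POST /EWS/Exchange.asmx ExchangeServicesClient/15.00.0913.015 200
2024-01-10 09:10:01 10.0.9.77 CORP\\jdoe POST /EWS/Exchange.asmx ExchangeServicesClient/15.00.0913.015 200
2024-01-10 09:15:00 10.0.9.77 CORP\\jdoe POST /EWS/Exchange.asmx ExchangeServicesClient/15.00.0913.015 200
2024-01-10 09:20:00 10.0.9.77 CORP\\jdoe POST /EWS/Exchange.asmx ExchangeServicesClient/15.00.0913.015 200
"""

# Illustrative allow-list of user-agent prefixes a site expects to see on EWS (an assumption;
# a real deployment would build this from its own baseline of mail clients).
KNOWN_EWS_CLIENTS = ("Microsoft+Office/", "MacOutlook/")

EWS_ENDPOINT = "/ews/exchange.asmx"


def parse_iis(text):
    """Parse W3C-format IIS log text into a list of dicts keyed by the #Fields header."""
    fields, rows = None, []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if fields is None or len(parts) != len(fields):
            continue  # skip malformed lines rather than abort the hunt
        rows.append(dict(zip(fields, parts)))
    return rows


def ews_sessions(rows):
    """Group EWS requests by (client IP, mailbox user) -> list of (timestamp, user agent)."""
    sessions = defaultdict(list)
    for r in rows:
        if r["cs-uri-stem"].lower() != EWS_ENDPOINT:
            continue
        ts = datetime.strptime(f'{r["date"]} {r["time"]}', "%Y-%m-%d %H:%M:%S")
        sessions[(r["c-ip"], r["cs-username"])].append((ts, r["cs(User-Agent)"]))
    return sessions


def beacon_score(timestamps, min_requests=4):
    """Coefficient of variation of the gaps between requests (low = machine-regular).

    Returns None when there are too few requests to judge, or when all gaps are zero.
    """
    if len(timestamps) < min_requests:
        return None
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    mean = statistics.mean(gaps)
    if mean == 0:
        return None
    return statistics.pstdev(gaps) / mean


def hunt(text, cv_threshold=0.1):
    """Return a list of suspicious EWS sessions with the reasons they were flagged."""
    findings = []
    for (ip, user), reqs in ews_sessions(parse_iis(text)).items():
        agents = {ua for _, ua in reqs}
        unknown = sorted(ua for ua in agents if not ua.startswith(KNOWN_EWS_CLIENTS))
        cv = beacon_score([t for t, _ in reqs])
        reasons = []
        if unknown:
            reasons.append("unrecognised EWS client: " + ", ".join(unknown))
        if cv is not None and cv < cv_threshold:
            reasons.append(f"beacon-like cadence (gap CV={cv:.3f}, n={len(reqs)})")
        if reasons:
            findings.append({"client": ip, "user": user, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in hunt(SAMPLE_LOG):
        print(f'{f["client"]} {f["user"]}: ' + "; ".join(f["reasons"]))
```

On the constructed excerpt, alice's Outlook traffic passes both checks, while the jdoe session is flagged twice: its user agent is the default string of the EWS Managed API rather than a mail client, and its five requests arrive almost exactly five minutes apart. Neither signal is proof of compromise on its own (scripted service accounts legitimately use the managed API on a schedule), which is why the output records the reasons rather than a verdict, for an analyst to triage against the account's expected behaviour.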
“OilRig has taken the meaning of ‘stealth mode’ to the next level with its complex and heavily modified tactics, techniques and procedures to exploit third party IT companies,” said Maher Yamout, Senior Security Researcher at Kaspersky.
Yamout said Kaspersky's investigations make it evident that attacks through third parties are stealthier and more agile than other tactics and are more likely to go undetected, posing a grave risk to the functioning of government entities in the targeted regions.
“The radical shift to infiltrate IT companies that are part of a supply chain is an indication that regional government entities are stepping up their cybersecurity game, driving APT groups to think out of the box,” Yamout said.
– CAJ News