APT34 Deploys Custom Malware Targeting Finance and Telecom Sectors
APT34, also known as OilRig or Helix Kitten, has intensified its cyber-espionage campaigns, deploying custom malware to target entities within the finance and telecommunications sectors.
The group, active since 2012, is a well-documented advanced persistent threat (APT) actor linked to the Middle East.
Recent investigations by the ThreatBook Research and Response Team have revealed that APT34’s latest operations are concentrated on Iraqi state organizations, leveraging advanced malware techniques to infiltrate critical systems.
Malware Characteristics and Attack Vectors
The newly identified malware is disguised as legitimate files, such as PDFs or invitation letters, to deceive victims into executing malicious payloads.
Upon activation, it installs a backdoor and encrypted configuration files while forging timestamps to obscure its presence.
The malware further establishes persistence by creating scheduled tasks disguised as legitimate services.
For example, one such task, named “MonitorUpdate,” executes hourly to maintain control over compromised systems.
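A defender-side hunt for the persistence described above, added here as an example and not code from the gbhackers or ThreatBook reporting: it parses exported Task Scheduler XML (`schtasks /query /xml`) and flags tasks that carry the reported name, repeat hourly, or run from outside the Windows and Program Files directories. The XML namespace is the real Task Scheduler schema; the trusted-path list is an assumption and both task definitions are constructed samples.

```python
import re
import xml.etree.ElementTree as ET

# Namespace used by Windows Task Scheduler XML exports.
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
# Task name reported in the ThreatBook findings summarised above.
REPORTED_TASK_NAMES = {"monitorupdate"}
# Locations a genuine updater would normally run from (assumption).
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files")

def parse_task(xml_text):
    """Extract name, repetition interval and command from one exported task."""
    root = ET.fromstring(xml_text)
    uri = root.findtext("t:RegistrationInfo/t:URI", default="", namespaces=NS)
    interval = root.findtext(".//t:Repetition/t:Interval", default="", namespaces=NS)
    command = root.findtext(".//t:Actions/t:Exec/t:Command", default="", namespaces=NS)
    return {"name": uri.rsplit("\\", 1)[-1], "interval": interval, "command": command.strip('"')}

def interval_minutes(iso_duration):
    """Convert an ISO-8601 duration such as PT1H or P1DT2H to minutes (0 if absent)."""
    m = re.fullmatch(r"P(?:(\d+)D)?T?(?:(\d+)H)?(?:(\d+)M)?", iso_duration or "")
    if not m:
        return 0
    days, hours, mins = (int(x) if x else 0 for x in m.groups())
    return days * 1440 + hours * 60 + mins

def suspicious_reasons(task):
    """Return why a task resembles the reported persistence, or [] if it does not."""
    reasons = []
    name = task["name"].lower()
    cmd = task["command"].lower()
    if name in REPORTED_TASK_NAMES:
        reasons.append("name matches reported APT34 task")
    if interval_minutes(task["interval"]) == 60:
        reasons.append("repeats hourly")
    if cmd and not cmd.startswith(TRUSTED_PREFIXES):
        reasons.append("runs from user-writable path: " + task["command"])
    return reasons

# Constructed samples, not real captures: one mimicking the reported task, one benign.
SAMPLE_BAD = """<Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><URI>\\MonitorUpdate</URI></RegistrationInfo>
  <Triggers><TimeTrigger><Repetition><Interval>PT1H</Interval></Repetition></TimeTrigger></Triggers>
  <Actions><Exec><Command>"C:\\Users\\Public\\svc.exe"</Command></Exec></Actions>
</Task>"""
SAMPLE_OK = """<Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><URI>\\Microsoft\\Windows\\ExampleVendorUpdate</URI></RegistrationInfo>
  <Triggers><CalendarTrigger><ScheduleByDay><DaysInterval>1</DaysInterval></ScheduleByDay></CalendarTrigger></Triggers>
  <Actions><Exec><Command>C:\\Program Files\\Example\\update.exe</Command></Exec></Actions>
</Task>"""
```

Run it over every task exported from a host; a task that triggers all three reasons is a strong match, while an hourly task from an untrusted path under any name still deserves a look.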
APT34 employs dual communication channels ...
Copyright of this story belongs to gbhackers.