US Gov’t Payment Service Leaks 14M Records, OilRig APT Group Updates BONDUPDATER Trojan
The OilRig APT group continues to target Middle Eastern governments and businesses using an updated version of the BONDUPDATER Trojan, which is delivered via spear-phishing emails containing a macro-laden Microsoft Word document. The BONDUPDATER Trojan provides basic backdoor capabilities, such as uploading and downloading files and executing commands. It also uses TXT records within its DNS tunnelling protocol to communicate with the command and control server. The OilRig APT group appears to be very resourceful, using a wide range of methods and tools to compromise targets. It was reported in early September that OilRig was using a new variant of the OopsIE Trojan against government entities in the Middle East.
 GovPayNow.com Leaks 14M+ Records
 OilRig Uses Updated BONDUPDATER to Target Middle Eastern Government
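The following Python sketch is an added example, not code from the article or from any vendor report. It shows one way a defender might flag the TXT-record DNS tunnelling described above in resolver logs. The log format, thresholds, client addresses and the `tunnel.example` domain are all constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample resolver log (assumed format: timestamp client qtype qname).
# "tunnel.example" is a placeholder domain, not an indicator from any report.
SAMPLE_LOG = """\
2018-09-14T10:00:01Z 10.0.0.23 TXT a3f91c0b7e4d2286f5c01a9e.tunnel.example.
2018-09-14T10:00:03Z 10.0.0.23 TXT 1c0b7e4d2286f5c01a9ea3f9.tunnel.example.
2018-09-14T10:00:05Z 10.0.0.23 TXT 7e4d2286f5c01a9ea3f91c0b.tunnel.example.
2018-09-14T10:00:07Z 10.0.0.23 TXT 2286f5c01a9ea3f91c0b7e4d.tunnel.example.
2018-09-14T10:00:09Z 10.0.0.23 TXT f5c01a9ea3f91c0b7e4d2286.tunnel.example.
2018-09-14T10:00:10Z 10.0.0.40 TXT _dmarc.example.com.
2018-09-14T10:00:11Z 10.0.0.40 TXT example.com.
2018-09-14T10:00:12Z 10.0.0.40 TXT selector1-longkeyname2018._domainkey.example.org.
2018-09-14T10:00:13Z 10.0.0.40 A a3f91c0b7e4d2286f5c01a9e.cdn.example.net.
"""

def shannon_entropy(s):
    """Bits per character; encoded tunnel payloads score higher than hostnames."""
    return -sum(n / len(s) * math.log2(n / len(s)) for n in Counter(s).values())

def parse(line):
    """Return (client, qtype, subdomain, registered_domain) for one log line."""
    _ts, client, qtype, qname = line.split()
    labels = qname.rstrip(".").lower().split(".")
    # Assumption: registered domain = last two labels (no public-suffix list).
    return client, qtype.upper(), ".".join(labels[:-2]), ".".join(labels[-2:])

def find_txt_tunnel_suspects(log_text, min_unique=4, min_entropy=3.0, min_len=16):
    """Flag (client, domain) pairs with many unique, long, random-looking
    subdomains queried as TXT, the pattern a TXT-based tunnel produces."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        client, qtype, sub, domain = parse(line)
        if qtype == "TXT" and sub:
            seen[(client, domain)].add(sub)
    suspects = []
    for (client, domain), subs in seen.items():
        odd = [s for s in subs
               if len(s) >= min_len and shannon_entropy(s) >= min_entropy]
        if len(odd) >= min_unique:
            suspects.append((client, domain, len(odd)))
    return sorted(suspects)

if __name__ == "__main__":
    for client, domain, count in find_txt_tunnel_suspects(SAMPLE_LOG):
        print(f"{client} -> {domain}: {count} suspicious TXT lookups")
```

The single long DKIM-style TXT lookup and the long A-record hostname in the sample are not flagged, because the heuristic requires repeated unique high-entropy TXT names from one client to one domain; thresholds need tuning against real traffic.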