APT34 (OilRig)

APT34, also known as OilRig, is a state-sponsored cyber espionage group widely attributed to Iran. Active since at least 2014, it has conducted intrusions primarily against the energy sector, government entities, telecommunications, and critical infrastructure in the Middle East and beyond. The group is recognized for adapting to target ecosystems and shifting operational focus in response to defense trends.

Targets and scope often include oil and gas companies, energy infrastructure operators, ministries and government agencies, telecommunications firms, and sometimes academic or research institutions. While its core activity has been reported in the Middle East, some campaigns have extended to other regions and sectors, reflecting an emphasis on strategic targets with potential intelligence value and economic impact.

Tactics and capabilities are centered on conventional cyber espionage methods. APT34 commonly employs spearphishing with malicious attachments or links, credential harvesting, and watering-hole techniques. It uses modular malware toolsets, including backdoors and information-stealing components, and often leverages living-off-the-land techniques such as PowerShell. Its operators emphasize stealth, data exfiltration, and long-term persistence within compromised networks.

Infrastructure and execution frequently involve command-and-control channels over standard network protocols, with variants designed to evade simple detection through obfuscated payloads and legitimate-looking traffic. The group has shown capability to adapt its toolset and infrastructure to new environments, aligning with broader Iranian cyber-espionage objectives.

Defenses against APT34 focus on robust phishing resistance, multi-factor authentication, network segmentation, rigorous patching, monitoring for credential-theft patterns, and anomaly detection in energy and government networks. Attribution and analysis are provided by multiple security researchers and vendor reports, reflecting the group’s long-standing activity and regional focus.