Iranian-Backed OilRig Group Returns with Next-Generation Malware

Presented by

Rene Kolga, Senior Director of Product Management at Nyotron and Robert Zamani, Director of Solutions Architect at Nyotron

About this talk

Nyotron’s research team began tracking new active OilRig attacks on a number of organizations across the Middle East in November 2017. Our security team has discovered that the Iran-linked OilRig group has significantly evolved its tactics, techniques and procedures (TTPs) since previous attacks, introducing next-generation malware tools and new data exfiltration methods. Among key advancements, the new variant of OilRig introduces a variety of new command and control (C&C) and data exfiltration capabilities using Google Drive, SmartFile (a file sharing and transfer solution), and an ISAPI filter to extend the functionality of Microsoft Internet Information Services (IIS) servers. During this webinar, Nyotron will provide technical details of the attacks along with the TTPs used and the timelines to help security professionals deal with this threat actor in the future.

Nyotron pioneers a new generation of automatic Endpoint Detection and Response with integrated protection called Endpoint Prevention and Response (EPR). Our product prevents damage from malware that evades existing security layers and offers granular visibility into the attack. Based on OS-Centric Positive Security, Nyotron's PARANOID automatically whitelists trusted operating system behavior and rejects everything else. No manual threat hunting, baselining, machine learning or cloud connectivity required. With PARANOID, organizations gain true defense-in-depth protection against the most advanced attacks. Nyotron is headquartered in Santa Clara, CA, with an R&D office in Israel. To learn more, visit www.nyotron.com.