Another Win system process abuse. https://www.securityweek.com/iranian-hackers-use-new-trojan-recent-attacks
A well-known hacking group is getting better at evading detection September 4, 2018 https://www.cyberscoop.com/oopsie-oilrig-iran-evading-detection/
OilRig APT Continues Its Ongoing Malware Evolution September 13, 2018 https://threatpost.com/oilrig-apt-continues-its-ongoing-malware-evolution/137444/
Just another example of state actors competing for top honors in who can pop the top better and much more stealthy in some cases. Excluding Russia since they are sharp as a proverbial whistle in tweaking western tech, looks like DPRK + IRAN (Persia) + China are battling it out in back n forth technique. Thanks Windows- Whatta code structure
When people are gullible enough to fall for obscure, poorly written emails with subject lines like "important issue" in them, and gladly open the attachments, then that's hardly the fault of Windows code structure. PEBKAC
So very true indeed, unfortunately. In that regard a rewritten code structure would never matter. The willy-nilly cavalier attitude of happily opening attachments, macros, etc. will bite the end recipient's machine every time. Even a sandboxed containment for those business/end users might be a better alternative, and yet looking at the raw numbers of submissions on only a single analysis site like Hybrid shows some are at least passing many through a malware review grinder. Before or after the fact is a whole other unknown though.
The organization I work for uses some sort of perimeter defenses for catching the majority of phishing/malicious emails, but a few do get through. Recently a colleague of mine opened one with a subject line of "check out this photo" ...LOL and unfortunately he fell for it, just because the sender was someone he knew. Within mere minutes of opening the attachment he received a phone call from the head of the IT department telling him to shut down the laptop immediately and bring it in for analysis. He brought it in to one of the company's security experts and after thoroughly analyzing it, he said no damage was done. I don't know what the attachment was or what its intended infection vector was, but the fact that employees' devices are so thoroughly "locked down" with limited user rights was instrumental in the malicious attachment being stopped dead in its mission to infect. Obviously the organization also has a built-in feature that alerts the IT department to any attempted malicious activities on their devices.
Good job for that business entity (and others) that employs perimeter defense of some sort, as you so aptly point out. That alert provision is a superb forethought and obviously absolutely practical in this day and age, where even the slightest miscue or accident can open a channel for malicious code to fly through the veins of the end user system in a nanosecond of time.
Iranian Hackers Use New Malware in Recent Attacks July 19, 2019 https://www.securityweek.com/iranian-hackers-use-new-malware-recent-attacks FireEye: Hard Pass: Declining APT34’s Invite to Join Their Professional Network
Poison Frog Malware Samples Reveal OilRig’s Sloppiness December 17, 2019 https://www.tripwire.com/state-of-s...og-malware-samples-reveal-oilrigs-sloppiness/ Kaspersky: OilRig’s Poison Frog – old samples, same trick
Iran-linked APT34 group is targeting US federal workers January 31, 2020 https://securityaffairs.co/wordpress/97067/apt/apt34-westat-survey.html Intezer: New Iranian Campaign Tailored to US Companies Utilizes an Updated Toolset