Menorah

Malware updated 7 months ago (2024-05-05T01:18:21.545Z)
The Menorah malware was discovered in October 2023 as part of a cyberespionage operation conducted by the Iranian advanced persistent threat (APT) group OilRig. Also known as APT34, Helix Kitten, Hazel Sandstorm, and Cobalt Gypsy, the group added this new malware to its cyberespionage arsenal and deployed it in a spear-phishing campaign. According to reports from The Hacker News, the operation targeted various entities, including a Saudi Arabia-based organization. Cybersecurity company Trend Micro attributed the deployment of Menorah to APT34 in September 2023. Menorah is a sophisticated tool capable of identifying the target's machine, reading and uploading files from it, and downloading additional files or malware. This marked an escalation in the group's tactics, demonstrating its ability to develop and deploy purpose-built malware for specific espionage operations. The development comes against a backdrop of increased sanctions against the group for its cyberespionage activities, particularly those targeting Saudi Arabia and the UAE. The addition of Menorah to OilRig's arsenal underscores the group's ongoing efforts to bolster its capabilities despite international pressure and scrutiny. Given these continuous advancements, organizations should remain vigilant and ensure that robust cybersecurity measures are in place.
Description last updated: 2024-05-05T00:27:05.589Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias: APT34 (votes: 2)
Description: APT34 is a possible alias for Menorah. APT34, a threat actor suspected to be linked to Iran, has been operational since at least 2014 and is involved in long-term cyber espionage operations largely focused on reconnaissance efforts. The group targets a variety of sectors including financial, government, energy, chemical, and telecommunic
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware