Menorah

Malware updated 6 months ago (2024-05-05T01:18:21.545Z)
Download STIX
Preview STIX
The Menorah malware, a novel and malicious software, was discovered in October 2023 as part of a cyberespionage operation conducted by Iranian advanced persistent threat (APT) group, OilRig. Also known as APT34, Helix Kitten, Hazel Sandstorm, and Cobalt Gypsy, the group has been strengthening its cyberespionage arsenal with this new malware, which was deployed in a spear-phishing campaign. The operation targeted various entities, including a Saudi Arabia-based organization, according to reports from The Hacker News. Cybersecurity company Trend Micro attributed the deployment of Menorah to APT34 in September 2023. The Menorah malware is a sophisticated tool capable of identifying the target's machine, reading and uploading files from the machine, and downloading other files or malware. This marked an escalation in the group's tactics, demonstrating their ability to develop and deploy advanced malware for specific espionage purposes. This development comes amidst a backdrop of increased sanctions against the APT for its cyberespionage activities, particularly those targeting Saudi Arabia and UAE. The introduction of Menorah into OilRig's arsenal underscores the group's ongoing efforts to bolster its capabilities, despite international pressure and scrutiny. With these continuous advancements, it is crucial for organizations to remain vigilant and ensure robust cybersecurity measures are in place.
Description last updated: 2024-05-05T00:27:05.589Z
What's your take? (Question 1 of 1)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
APT34 is a possible alias for Menorah. APT34, a threat actor suspected to be linked to Iran, has been operational since at least 2014 and is involved in long-term cyber espionage operations largely focused on reconnaissance efforts. The group targets a variety of sectors including financial, government, energy, chemical, and telecommunic
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.