Since OilRig first appeared in late 2015, two periods of high activity have been identified. The primary targets have evolved, but the focus remains on critical infrastructure and government entities in the Middle East and the United States.
In this in-depth report, the LogRhythm Labs team provides actionable intelligence detailing the tools, techniques, and procedures (TTPs) threat actors use.
Use this information—combined with mitigation and remediation strategies presented in this report—to respond to network attacks by this threat actor. In addition, LogRhythm SmartResponse™ plug-ins will assist in your response efforts if an infected host is detected.