Earth Simnavaz Levies Advanced Cyberattacks Against UAE and Gulf Regions

Date: 10/14/2024

Severity: Medium

Summary

Trend Micro has been monitoring Earth Simnavaz, a cyber espionage group linked to Iranian interests, which primarily targets the energy sector and critical infrastructure. Recently, there has been an uptick in cyberattacks attributed to this group, focusing on government sectors in the UAE and the Gulf region. Their sophisticated tactics and techniques highlight their ongoing efforts to exploit vulnerabilities within these geopolitically sensitive areas, emphasizing the significant threat they pose to national security and critical operations.

Indicators of Compromise (IOC) List

Hash

db79c39bc06e55a52741a9170d8007fa93ac712df506632d624a651345d33f91

a24303234e0cc6f403fca8943e7170c90b69976015b6a84d64a9667810023ed7

6e4f237ef084e400b43bc18860d9c781c851012652b558f57527cf61bee1e1ef

b3257f0c0ef298363f89c7a61ab27a706e9e308c22f1820dc4f02dfa0f68d897

abfc8e9b4b02e196af83608d5aaef1771354b32c898852dff532bd8cfd2ce59d

43c83976d9b6d19c63aef8715f7929557e93102ff0271b3539ccf2ef485a01a7

ca98a24507d62afdb65e7ad7205dfe8cd9ef7d837126a3dfc95a74af873b1dc5

7ebbeb2a25da1b09a98e1a373c78486ed2c5a7f2a16eec63e576c99efe0c7a49

c0189edde8fa030ff4a70492ced24e325847b04dba33821cf637219d0ddff3c9

6d8bdd3e087b266d493074569a85e1173246d1d71ee88eca94266b5802e28112

27a0e31ae16cbc6129b4321d25515b9435c35cc2fa1fc748c6f109275bee3d6c

54e8fbae0aa7a279aaedb6d8eec0f95971397fea7fcee6c143772c8ee6e6b498

1169d8fe861054d99b10f7a3c87e3bbbd941e585ce932e9e543a2efd701deac2

af979580849cc4619b815551842f3265b06497972c61369798135145b82f3cd8

1d2ff65ac590c8d0dec581f6b6efbf411a2ce5927419da31d50156d8f1e3a4ff

abfc8e9b4b02e196af83608d5aaef1771354b32c898852dff532bd8cfd2ce59d

98fb12a9625d600535df342551d30b27ed216fed14d9c6f63e8bf677cb730301

edfae1a69522f87b12c6dac3225d930e4848832e3c551ee1e7d31736bf4525ef

ca98a24507d62afdb65e7ad7205dfe8cd9ef7d837126a3dfc95a74af873b1dc5

Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

Detection Query 1

sha256hash IN ("b3257f0c0ef298363f89c7a61ab27a706e9e308c22f1820dc4f02dfa0f68d897","a24303234e0cc6f403fca8943e7170c90b69976015b6a84d64a9667810023ed7","98fb12a9625d600535df342551d30b27ed216fed14d9c6f63e8bf677cb730301","db79c39bc06e55a52741a9170d8007fa93ac712df506632d624a651345d33f91","6e4f237ef084e400b43bc18860d9c781c851012652b558f57527cf61bee1e1ef","abfc8e9b4b02e196af83608d5aaef1771354b32c898852dff532bd8cfd2ce59d","43c83976d9b6d19c63aef8715f7929557e93102ff0271b3539ccf2ef485a01a7","ca98a24507d62afdb65e7ad7205dfe8cd9ef7d837126a3dfc95a74af873b1dc5","7ebbeb2a25da1b09a98e1a373c78486ed2c5a7f2a16eec63e576c99efe0c7a49","c0189edde8fa030ff4a70492ced24e325847b04dba33821cf637219d0ddff3c9","6d8bdd3e087b266d493074569a85e1173246d1d71ee88eca94266b5802e28112","27a0e31ae16cbc6129b4321d25515b9435c35cc2fa1fc748c6f109275bee3d6c","54e8fbae0aa7a279aaedb6d8eec0f95971397fea7fcee6c143772c8ee6e6b498","1169d8fe861054d99b10f7a3c87e3bbbd941e585ce932e9e543a2efd701deac2","af979580849cc4619b815551842f3265b06497972c61369798135145b82f3cd8","1d2ff65ac590c8d0dec581f6b6efbf411a2ce5927419da31d50156d8f1e3a4ff","abfc8e9b4b02e196af83608d5aaef1771354b32c898852dff532bd8cfd2ce59d","edfae1a69522f87b12c6dac3225d930e4848832e3c551ee1e7d31736bf4525ef","ca98a24507d62afdb65e7ad7205dfe8cd9ef7d837126a3dfc95a74af873b1dc5")

Reference:

https://www.trendmicro.com/en_us/research/24/j/earth-simnavaz-cyberattacks-uae-gulf-regions.html

Earth Simnavaz Levies Advanced Cyberattacks Against UAE and Gulf Regions

Summary

Indicators of Compromise (IOC) List

Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

Tags

Comments

Earth Simnavaz Levies Advanced Cyberattacks Against UAE and Gulf Regions

Summary

Indicators of Compromise (IOC) List

Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

Tags

Share This

Comments