Iran-Linked APT34 Spy Campaign Targets Saudis

Published: 23/11/2024   Category: security


The Menorah malware can upload and download files, as well as execute shell commands.



A phishing campaign that drops cyber-espionage malware is taking aim at users in the Middle East.
The campaign is mounted by the infamous advanced persistent threat known as APT34 (aka OilRig, Helix Kitten, Cobalt Gypsy), and employs a custom tool that researchers have dubbed Menorah. This malware is capable of identifying the target's machine, reading and uploading files from the machine, and downloading other files or malware.
According to research by Trend Micro, the document used in the attack contains pricing information in Saudi Riyal, which could indicate at least one targeted victim is inside Saudi Arabia.
Linked to Iran, APT34 typically focuses on collecting sensitive intelligence, and has been involved in high-profile cyberattacks against a diverse range of targets in the Middle East, including government agencies, critical infrastructure, telecommunications, and key regional entities.
Trend Micro's researchers said that a changing of tactics and tools is typical of APT groups and demonstrates their resources and varied skills. Being able to create new pieces of malware and tools allows such groups to continuously deploy new techniques to ensure success in intrusions, stealth, and cyberespionage.
