OilRig Actors Provide a Glimpse into Development and Testing Efforts

released on 2017-04-27 @ 10:33:15 PM
By Robert Falcone
April 27, 2017 at 1:00 PM
Category: Unit 42
Tags: Clayside, Helminth, OilRig attacks

Throughout an attack campaign, actors continue to develop their tools in an attempt to remain undetected and to carry out multiple attacks without having to completely retool. In the attack lifecycle, tool development occurs in the weaponization/staging phase that precedes the delivery phase, and delivery is typically our first opportunity to see the actors’ activities, because it is where they interact directly with their target.

We have been presented with a rare opportunity to see some development activities from the actors associated with the OilRig attack campaign, a campaign Unit 42 has been following since May 2016. Recently we were able to observe these actors making modifications to their ClaySlide delivery documents in an attempt to evade antivirus detection.