Threat Landscape Dashboard

Assessing today's threats and the relationships between them

Operation ZeroCleare

The OilRig threat group, also known as APT34, is suspected to be behind a destructive attack against the energy and industrial sectors in the Middle East. The operation used malicious software to overwrite the Master Boot Record (MBR) and disk partitions on Microsoft Windows targets. The actor deployed the legitimate EldoS RawDisk toolkit to carry out the attacks and used various techniques during the campaign including PowerShell, code signing, WMI, and Group Policy Objects (GPO).
Name                  Modified Date  Sources
Operation ZeroCleare  2019-12-16