Operation Karkoff 2020
APT34, also known as OilRig, targeted the government sector in Lebanon with spear-phishing emails that contained a malicious Microsoft Excel document. The threat actor dropped a new variant of the Karkoff malware family onto victims' computers, capable of extracting sensitive information. The malicious software used various techniques for persistence, defense evasion, and exfiltration, including scheduled tasks, obfuscation, fallback channels, masquerading, and encryption. The malware used during the operation also attempted to use a Microsoft Exchange mail server as a command and control server.