Threat Landscape Dashboard

Assessing today's threats and the relationships between them

Operation Karkoff 2020

APT34, also known as OilRig, targeted the government sector in Lebanon with spear-phishing emails that contained a malicious Microsoft Excel document. The threat actor dropped a new variant of the Karkoff malware family, capable of extracting sensitive information, onto victims' computers. The malicious software used various techniques for persistence, defense evasion, and exfiltration, including scheduled tasks, obfuscation, fallback channels, masquerading, and encryption. The malware used during the operation also attempted to use a Microsoft Exchange mail server as a command and control server.

Name | Modified Date | Sources
Operation Karkoff 2020 | 2020-03-18 |