Also known as: OilRig, APT 34, Helix Kitten, Twisted Kitten, Crambus, Chrysene, Cobalt Gypsy, TA452, IRN2, ATK 40, ITG13, DEV-0861, EUROPIUM, Hazel Sandstorm, Scarred Manticore, Evasive Serpens, Yellow Maero, Storm-0861, UNC1860, Earth Simnavaz, G0049, Greenbug, APT34, ATK40, Siamesekitten, Lyceum, COBALT GYPSY, GreenBug
OilRig is a threat group with suspected Iranian origins that has targeted Middle Eastern and international victims since at least 2014. The group has targeted a variety of industries, including financial, government, energy, chemical, and telecommunications, and has largely focused its operations within the Middle East. It appears the group carries out supply chain attacks, leveraging the trust relationship between organizations to attack their primary targets.

FireEye assesses that the group works on behalf of the Iranian government based on infrastructure details that contain references to Iran, use of Iranian infrastructure, and targeting that aligns with nation-state interests. This group was previously tracked under two distinct groups, APT 34 and OilRig, but was combined due to additional reporting giving higher confidence about the overlap of the activity.

OilRig has 1 subgroup:

1. Subgroup: Greenbug, Volatile Kitten

OilRig seems to be closely related to APT 33, Elfin, Magnallium since at least 2017 and perhaps DNSpionage. They also seem to overlap with Hexane. Also see HomeLand Justice and Orangeworm.
| CVE ID |
|---|
| CVE-2017-11882 |
| CVE-2024-30088 |