OilRig
Attribution confidence: High. Threat level: High. Aliases: APT34 • Helix Kitten • COBALT GYPSY • Hazel Sandstorm • Crambus • ITG13
OilRig, also known as APT34 or Helix Kitten, is an Iranian cyber espionage group linked to the Ministry of Intelligence and Security (MOIS). Active since at least 2014, the group targets organizations in the Middle East, particularly in the financial, government, energy, telecommunications, and chemical sectors. OilRig is known for developing custom tools including POWRUNER, BONDUPDATER, and various DNS tunneling utilities. In 2019, their tools and victim data were leaked by a mysterious entity called 'Lab Dookhtegan,' exposing their operations. Despite this exposure, the group continues to operate with evolved tradecraft.
Attributed to Iran's Ministry of Intelligence and Security (MOIS). Attribution confidence: High.
Future Outlook
OilRig is expected to continue operations targeting government sectors.
Timeline: first observed activity of OilRig (at least 2014, per the summary above); continued active operations.