OilRig: Iran’s Persistent Espionage Arm in Cyberspace
ID: 9a81b97d-20d9-5cb5-bc26-dfc8f0e2e804
STIX ID: report--9a81b97d-20d9-5cb5-bc26-dfc8f0e2e804
Feed Name: Brandefense Blog
OilRig (APT34) is profiled as an Iranian state-aligned cyber-espionage actor conducting sustained campaigns against government, energy, and defense organizations across the Middle East and Europe. The report documents spearphishing and credential-harvesting operations, use of cloud services for persistence and C2, modular implants (Tonedeaf, Helminth, Karkoff, etc.), DNS/HTTPS tunneling for exfiltration, and an evolution toward sophisticated cloud abuse; recommended mitigations include email hardening, cloud monitoring, EDR/behavioral detection, and MFA.
