IRN2 Targets Saudi Arabian Oil and Gas Industry with Career-Themed Phishing Attack

Goals for cyber campaigns consistently provide the advantage. Whether to steal data, earn financial rewards, manipulate information, or cause physical destruction, cyber attackers don’t limit themselves to a direct attack on their targets. Instead, they often use their imaginations and go after the digital supply chain of their targets, without increasing the need for technical sophistication, and without risking or compromising the success of their campaigns.

In the Summer of 2017, Iranian cyber actors identified by Area 1 Security as IRN2 and previously referred to as the “OilRig” campaign compromised a website belonging to Doosan Power Systems India (DPSI) to conduct a targeted phishing campaign against Saudi Aramco affiliates.

Read the security research report, which includes technical details and indicators of compromise for this supply chain phishing campaign.