Iranian State-Sponsored OilRig Group Deploys 3 New Malware Downloaders
The Iranian state-sponsored threat actor OilRig deployed three new downloader malware families, named ODAgent, OilCheck, and OilBooster, along with an updated version of SampleCheck5000, during 2022, according to cybersecurity firm ESET. The downloaders used legitimate Microsoft APIs for command-and-control communication and data exfiltration, so their traffic blends in with ordinary use of those services and is harder to detect. Victims included healthcare organizations, manufacturers, and local government bodies, mostly located in Israel. The initial compromise method, and whether the attackers managed to retain access, remain unknown.