ETDA: Electronic Transactions Development Agency

Threat Group Cards: A Threat Actor Encyclopedia

APT group: OilAlpha

Names: OilAlpha (Recorded Future), TAG-41 (Recorded Future), TAG-62 (Recorded Future)
Country: Yemen
Motivation: Information theft and espionage
First seen: 2022
Description: (Recorded Future) Since May 2022, Insikt Group has tracked an ongoing campaign by a threat group which is highly likely to have targeted entities associated with the non-governmental, media, international humanitarian, and development sectors. It is almost certain that the entities targeted shared an interest in Yemen, security, humanitarian aid, and reconstruction matters. It is highly likely that OilAlpha threat actors were involved in espionage activity, as handheld devices were targeted with remote access tools (RATs) like SpyNote and SpyMax. Our assessment of the victimology suggests that the majority of the targeted entities were Arabic-language speakers and operated Android devices.
Observed:
Tools used: njRAT, SpyMax, SpyNote RAT.
Information: <https://go.recordedfuture.com/hubfs/reports/cta-2023-0516.pdf>

Last change to this card: 21 June 2023
