Names | OilAlpha (Recorded Future), TAG-41 (Recorded Future), TAG-62 (Recorded Future) | |
Country | Yemen | |
Motivation | Information theft and espionage | |
First seen | 2022 | |
Description | (Recorded Future) Since May 2022, Insikt Group has tracked an ongoing campaign by a threat group which is highly likely to have targeted entities associated with the non-governmental, media, international humanitarian, and development sectors. It is almost certain that the entities targeted shared an interest in Yemen, security, humanitarian aid, and reconstruction matters. It is highly likely that OilAlpha threat actors were involved in espionage activity, as handheld devices were targeted with remote access tools (RATs) like SpyNote and SpyMax. Our assessment of the victimology suggests that the majority of the targeted entities were Arabic-language speakers and operated Android devices. | |
Observed | ||
Tools used | njRAT, SpyMax, SpyNote RAT. | |
Information | <https://go.recordedfuture.com/hubfs/reports/cta-2023-0516.pdf> |
Last change to this card: 21 June 2023