Iranian OilRig Group Strikes with AutoHotkey Keylogger and Malicious Macro
Attack Report
Summary
In a recent intrusion, a threat actor used AutoHotkey to launch a keylogger. The Iranian OilRig group is suspected of being behind this attack. The initial compromise began with a malicious VBA macro embedded in a Word document.