Iranian OilRig Group Strikes with AutoHotkey Keylogger and Malicious Macro

Threat Level: Attack Report

Summary

In a recent intrusion, the threat actor used AutoHotkey, a legitimate Windows scripting tool, to run a keylogger on the compromised host. The activity is suspected to be the work of the Iranian OilRig group. Initial access was gained through a malicious VBA macro embedded in a Word document, so the compromise depended on the recipient opening the attachment and enabling macros.
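The chain described above (Word macro, then an AutoHotkey interpreter running a keylogging script) leaves a recognisable trace in process-creation telemetry. The following hunt is an added example written for this page, not code from the advisory or from OilRig tooling. It assumes Sysmon Event ID 1 style records exported as one JSON object per line with `ParentImage`, `Image` and `CommandLine` fields; the AutoHotkey binary names, the Office parent list, the user-writable path fragments and the sample log lines are all my own assumptions, constructed for illustration, not indicators published by the advisory.

```python
"""Hunt for an Office-macro -> AutoHotkey keylogger chain in process-creation logs.

Added example for this advisory; assumes Sysmon Event ID 1 records serialised
as JSON lines. Names and paths below are assumptions, not published IOCs.
"""
import json
from dataclasses import dataclass

# Office processes that a malicious VBA macro would run inside (assumed list).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Common file names of the AutoHotkey interpreter (assumed; attackers may rename it).
AHK_IMAGES = {"autohotkey.exe", "autohotkeyu32.exe", "autohotkeyu64.exe",
              "autohotkeya32.exe", "autohotkey32.exe", "autohotkey64.exe"}
# Script hosts a macro typically uses to stage the next step (assumed list).
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe"}
# Path fragments that an unprivileged user can write to (assumed).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")


@dataclass
class Finding:
    rule: str
    image: str
    parent_image: str
    command_line: str


def basename(path: str) -> str:
    """Return the lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def classify(event: dict) -> list[str]:
    """Return the names of every rule a single process-creation event matches."""
    parent = basename(event.get("ParentImage", ""))
    image = basename(event.get("Image", ""))
    image_path = event.get("Image", "").lower()
    cmd = event.get("CommandLine", "").lower()

    # A renamed interpreter still has to be handed an .ahk script on its command
    # line, so match on either the binary name or the script extension.
    runs_ahk = image in AHK_IMAGES or ".ahk" in cmd

    rules = []
    if parent in OFFICE_PARENTS and runs_ahk:
        rules.append("office_spawns_autohotkey")
    if parent in OFFICE_PARENTS and image in SCRIPT_HOSTS:
        rules.append("office_spawns_script_host")
    if runs_ahk and any(p in image_path or p in cmd for p in USER_WRITABLE):
        rules.append("autohotkey_from_user_writable_path")
    return rules


def hunt(lines) -> list[Finding]:
    """Run classify() over JSON-lines records, skipping blank or malformed lines."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        for rule in classify(ev):
            findings.append(Finding(rule, ev.get("Image", ""),
                                    ev.get("ParentImage", ""),
                                    ev.get("CommandLine", "")))
    return findings


# Constructed sample telemetry (not real logs): one benign Word launch, a macro
# starting a renamed interpreter with a script from %TEMP%, a macro spawning
# cmd.exe, a developer's legitimate AutoHotkey use, and an interpreter dropped
# into %APPDATA% by some non-Office parent.
SAMPLE_LOG = [
    r'{"ParentImage": "C:\\Windows\\explorer.exe", "Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "CommandLine": "\"C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE\" /n invoice.docm"}',
    r'{"ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\svc.exe", "CommandLine": "\"C:\\Users\\alice\\AppData\\Local\\Temp\\svc.exe\" \"C:\\Users\\alice\\AppData\\Local\\Temp\\kl.ahk\""}',
    r'{"ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe /c start /b C:\\Users\\alice\\AppData\\Local\\Temp\\svc.exe"}',
    r'{"ParentImage": "C:\\Windows\\explorer.exe", "Image": "C:\\Program Files\\AutoHotkey\\AutoHotkey.exe", "CommandLine": "\"C:\\Program Files\\AutoHotkey\\AutoHotkey.exe\" \"C:\\Users\\alice\\Documents\\macros.ahk\""}',
    r'{"ParentImage": "C:\\Windows\\explorer.exe", "Image": "C:\\Users\\alice\\AppData\\Roaming\\AutoHotkeyU64.exe", "CommandLine": "\"C:\\Users\\alice\\AppData\\Roaming\\AutoHotkeyU64.exe\" C:\\Users\\alice\\AppData\\Roaming\\update.ahk"}',
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_LOG):
        print(f"[{f.rule}] {f.parent_image} -> {f.image}\n    {f.command_line}")
```

Two caveats when adapting this: AutoHotkey is legitimately installed on many developer workstations, so the user-writable-path rule needs an allow-list before it goes into production, and a script compiled into a stand-alone executable with Ahk2Exe carries no `.ahk` on its command line, so that variant is caught here only through the Office parent-child relationship, not through the interpreter name.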