Iranian OilRig Group Strikes with AutoHotkey Keylogger and Malicious Macro

Threat Level – Red | Vulnerability Report

In a recent intrusion, a threat actor used AutoHotkey to launch a keylogger. The Iranian OilRig group is suspected of being behind the attack. The initial compromise began with a malicious VBA macro embedded in a Word document.
