
BlackOasis APT

Posted: October 23, 2020

The BlackOasis Advanced Persistent Threat (APT) group is a cybercrime organization whose members likely operate from the Middle East. Their targets include high-profile members of the United Nations committee, as well as bloggers, activists and news outlets involved in politics. The group's campaigns have a very wide reach, and artifacts of their activity have been recovered from networks in multiple countries, including the United Kingdom, Russia, Iraq, Nigeria, Libya, Jordan, Iran, the Netherlands, Saudi Arabia and others.

The BlackOasis APT hackers rely on phishing emails to deliver their preferred payload to the victim. Often, their spear-phishing emails contain documents and messages concerning contemporary topics and news headlines, which makes them more believable. These emails always have a file attachment that the recipient is asked to review. The attachment is usually a Microsoft Office file that, when opened, triggers a malicious macro script meant to exploit a software vulnerability and deploy the payload. BlackOasis APT's attacks often involve the use of zero-day vulnerabilities, so the members of the group are clearly well-versed in cybercrime.

The BlackOasis Hackers Make Use of the FinSpy Toolkit

The majority of BlackOasis APT's attacks use a piece of malware known as FinSpy, which belongs to the FinFisher malware toolkit. Using this complex surveillance tool allows the attackers to collect a lot of information and to spy on the user's activities for long periods. The goal of BlackOasis APT's attacks is likely to be espionage and data theft.

The attacks of groups like the BlackOasis APT are usually reserved for high-profile targets, but this does not mean that they cannot be stopped. A security plan consisting of multiple layers should be able to mitigate attacks like the ones seen in the BlackOasis APT's campaigns.
