Cyber Espionage Unveiled: APT34's Targeted Attacks on Government and Finance Systems
- Actor Motivations: Espionage, Exfiltration
- Attack Vectors: Credential stuffing, Security Misconfiguration, SQL injection, Backdoor, Malware, Phishing
- Attack Complexity: Medium
- Threat Risk: High Impact/High Probability
Threat Overview
APT34 primarily targets Middle Eastern countries and international organizations across the finance, government, energy, chemical engineering, and telecommunications sectors. As disclosed by Lab Dookhtegan, APT34 employs a range of attack methods, including SQL injection, brute-force cracking, and zero-day exploits. The group frequently plants web shells on compromised systems to maintain control. The most heavily attacked countries include the United Arab Emirates, China, Jordan, and Saudi Arabia. The compromised enterprises predominantly belong to the government (36%), finance (17%), service provider (12%), and media (7%) sectors. APT34's attacks typically begin with the exploitation of web vulnerabilities to gain initial access.
Detected Targets
Type | Description | Confidence |
---|---|---|
Case | Abu Dhabi Statistics Center: Statistics Centre - Abu Dhabi (SCAD) is the official source of statistical data in Abu Dhabi Emirate. Targeted by APT34 as the main target. | Verified |
Case | Amiri Diwan: The Amiri Diwan of Kuwait serves as the royal court of the Emir of Kuwait. Targeted by APT34 as the main target. | Verified |
Case | BDO China Shu Lun Pan CPAs: BDO China Shu Lun Pan CPAs (hereinafter "Shu Lun Pan CPAs") was founded by Dr. Shu Lun Pan, a pioneer of China's accounting profession. Targeted by APT34 as the main target. | Verified |
Case | BesTV New Media: Shanghai Oriental Pearl Media Co. Ltd. provides technical, content, and marketing services for multimedia and information technology platforms. Targeted by APT34 as the main target. | Verified |
Case | China Energy Conservation and Environmental Protection Group: China Energy Conservation and Environmental Protection Group Corporation, formerly known as China Energy Conservation Investment Corporation, is a Beijing-based state-owned enterprise established in 1988 by the State Council of the People's Republic of China. Targeted by APT34 as the main target. | Verified |
Case | China General Nuclear Power Group: China General Nuclear Power Group, formerly China Guangdong Nuclear Power Group, is a Chinese state-owned energy corporation under the SASAC of the State Council. Targeted by APT34 as the main target. | Verified |
Case | China Railway Construction Corporation: China Railway Construction Corporation Limited (CRCC) is a listed construction enterprise based in Beijing, China, and was the second largest construction and engineering company in the world by revenue in 2014. Targeted by APT34 as the main target. | Verified |
Case | Dubai Media Incorporation: Dubai Media Incorporated is the official media organization of the government of Dubai. It was established in 2003 as a state-owned company comprising a number of print, radio and TV channels, including Dubai TV, Al Bayan, Dubai One, Dubai Sports, Emirates 24/7, Tawseel and Masar Printing Press. Targeted by APT34 as the main target. | Verified |
Case | Emirates National Oil Company (ENOC): ENOC is a global diversified state-owned energy group operating in the oil, gas, and coal industry. Targeted by APT34 as the main target. | Verified |
Case | Emirates Policy Center: The Emirates Policy Center is a think tank established in Abu Dhabi, United Arab Emirates, in September 2013. Targeted by APT34 as the main target. | Verified |
Case | Etihad Airways: Etihad Airways is one of the two flag carriers of the United Arab Emirates, alongside Emirates. Targeted by APT34 as the main target. | Verified |
Case | Federal Competitiveness and Statistics Centre: The Federal Competitiveness and Statistics Centre (FCSC) is a government centre affiliated with the Ministry of Cabinet Affairs in the United Arab Emirates. Targeted by APT34 as the main target. | Verified |
Case | Generali China Insurance: China's first joint-venture property insurance company. Targeted by APT34 as the main target. | Verified |
Case | Government of Qatar: Targeted by APT34 as the main target. | Verified |
Case | Hong Kong Telecommunications: HKT is a leading one-stop ICT service provider in mainland China and Hong Kong. Targeted by APT34 as the main target. | Verified |
Case | Lamprell: Lamprell plc, based in the United Arab Emirates, specialises in construction and fabrication for the renewables and oil and gas industries. It builds wind turbine foundations as well as shallow-water jack-up drilling rigs, liftboats and land rigs, and also carries out rig refurbishment. Targeted by APT34 as the main target. | Verified |
Case | Macau University of Science and Technology: The Macau University of Science and Technology is a private university in Taipa, Macau, China. Founded in 2000, it is recognised by the Macau Education and Youth Development Bureau and offers courses taught in English, Chinese, Portuguese, and Spanish. Targeted by APT34 as the main target. | Verified |
Case | National Information Technology Center (NITC): NITC is Jordan's ccTLD and IDN ccTLD registry. Targeted by APT34 as the main target. | Verified |
Case | National Media Council: The National Media Council is a federal institution of the United Arab Emirates established under Federal Law No. 1 of 2006. It promotes and supports media-related initiatives and activities in the UAE and abroad. Targeted by APT34 as the main target. | Verified |
Case | National Security Agency: The NSA was formed after King Hamad of Bahrain issued Decree No. 14 of 2002, declaring it the replacement of the General Directorate for State Security Investigations. Targeted by APT34 as the main target. | Verified |
Case | NetCraft Information Technology (Macau) Co.: A veteran information technology company based in Macau, established in 1996. Targeted by APT34 as the main target. | Verified |
Case | Neway Valve (Suzhou) Co: Neway Valve (Suzhou) Co., Ltd. is a valve manufacturer based in Suzhou, China. Targeted by APT34 as the main target. | Verified |
Case | Nigerian Building & Road Research Institute (NBRRI): The Nigerian Building and Road Research Institute (NBRRI) is a Government of Nigeria institute responsible for research and development in roads and buildings. Targeted by APT34 as the main target. | Verified |
Case | Presidential Court (Ministry of Presidential Affairs): Targeted by APT34 as the main target. | Verified |
Case | Prime Minister's Office: Targeted by APT34 as the main target. | Verified |
Case | Saudi Arabian Government: Targeted by APT34 as the main target. | Verified |
Case | Shanghai Diesel Engine: Shanghai New Power Automotive Technology Co., Ltd is a Chinese diesel engine manufacturer wholly owned by SAIC Motor. SDEC's headquarters and main production facilities are located in Yangpu District, Shanghai. Targeted by APT34 as the main target. | Verified |
Case | Shenzhen Aisidi Co: Shenzhen Aisidi Co., Ltd wholesales electronic products, including mobile phones, digital electronics, and intelligent terminals. Targeted by APT34 as the main target. | Verified |
Case | Southwest Securities Co: SWSI is one of the leading financial institutions in the region and has established quality management systems for its products and services. Targeted by APT34 as the main target. | Verified |
Case | Supreme Judicial Council (Administrative Court): Targeted by APT34 as the main target. | Verified |
Case | Taiwan Green Productivity Foundation: Its areas of service include greenhouse gas reduction, energy conservation, recycling, environmental and energy management, and low-carbon urban community planning. Targeted by APT34 as the main target. | Verified |
Case | Taiwan Intelligent Fiber Optic Network Consortium (Taifo): Taifo is a joint venture established in 2012 specifically to set up a fiber-optic communications network around Taipei City; construction began on May 8. Targeted by APT34 as the main target. | Verified |
Case | Zayed International Airport (Abu Dhabi International Airport): Zayed International Airport, also known as Abu Dhabi International Airport, is the primary international airport serving Abu Dhabi, the capital of the United Arab Emirates. Targeted by APT34 as the main target. | Verified |
Sector | Defense | Verified |
Sector | Financial | Verified |
Sector | Government Agencies and Services | Verified |
Sector | Manufacturing | Verified |
Sector | Professional Service | Verified |
Sector | Aerospace | Verified |
Sector | Energy | Verified |
Sector | Healthcare | Verified |
Sector | Media | Verified |
Sector | University | Verified |
Region | Albania | Verified |
Region | Bahrain | Verified |
Region | Cambodia | Verified |
Region | China | Verified |
Region | Egypt | Verified |
Region | Hong Kong | Verified |
Region | Iran | Verified |
Region | Israel | Verified |
Region | Jordan | Verified |
Region | Kazakhstan | Verified |
Region | Kuwait | Verified |
Region | Lebanon | Verified |
Region | Macau | Verified |
Region | Mexico | Verified |
Region | Myanmar | Verified |
Region | Nigeria | Verified |
Region | North Korea | Verified |
Region | Oman | Verified |
Region | Palestine | Verified |
Region | Qatar | Verified |
Region | Samoa | Verified |
Region | Saudi Arabia | Verified |
Region | Taiwan | Verified |
Region | Thailand | Verified |
Region | Turkey | Verified |
Region | United Arab Emirates | Verified |
Region | Zimbabwe | Verified |
FAQs
Understanding the APT34 Cyber Espionage Campaign
A state-linked cyber-espionage group known as APT34 had its tools, stolen credentials, and target list exposed by another group named Lab Dookhtegan. These leaks revealed widespread cyber intrusions targeting government and critical sectors.
APT34, also known as OilRig, is believed to be linked to Iranian state interests. They are known for long-term, covert cyber operations targeting strategic sectors in the Middle East and beyond.
APT34 aimed to steal sensitive government and industry data, likely for intelligence gathering, surveillance, and regional influence.
Targets included government agencies, financial institutions, media companies, energy providers, and universities, mainly in the UAE, China, Saudi Arabia, and Jordan.
APT34 used a combination of phishing, exploitation of web vulnerabilities, and custom malware such as web shells and remote access trojans to gain and maintain unauthorized access.
These sectors hold valuable political, economic, and strategic data that are attractive to nation-state actors for intelligence purposes.
Organizations should enforce strict cybersecurity hygiene, including regular patching, strong authentication, monitoring for unusual behavior, and staff awareness training on phishing.
This was a targeted campaign focusing on high-value institutions across multiple countries, particularly in the Middle East.