ClearSky Security discovered a new campaign conducted by the Iranian OilRig APT leveraging digitally signed malware and fake University of Oxford domains. The Iranian hackers set up a fake Juniper Networks VPN portal and used compromised email accounts from IT vendors to lure victims to it. Researchers also discovered other attacks in which the Iranian hackers used four domain names apparently belonging to Oxford University (including oxford-symposia[.]com) The attacks targeted several Israeli organizations, including IT vendors, the national postal service, and financial institutions.”]
Source: https://securityaffairs.co/wordpress/55145/apt/oilrig-apt-itan.html

