Iranian Crambus actors modify Windows firewall rules to enable remote access. The group, known as OilRig or APT34, has a history of attacking Iranian targets. They targeted a Middle Eastern government, compromising several computers and servers. The attackers used social engineering techniques and modified firewall rules to carry out their attacks. They installed backdoors and keyloggers on multiple machines and used various malware and legitimate tools to facilitate remote access. Researchers believe that Crambus continues to pose a threat to organizations in the Middle East and beyond.

#IranianCrambus #WindowsFirewall #RemoteAccess #OilRig #APT34

https://cybersecuritynews.com/crambus-windows-firewall-rules/
