Hunt Intelligence uncovered an exposed staging server in the UAE that revealed a large intrusion campaign against Oman’s Ministry of Justice and Legal Affairs, including attacker tools, C2 code, session logs, and stolen data. The operation exfiltrated more than 26,000 user records and sensitive judicial information, with tactics overlapping known Iranian state-linked activity such as APT34 and MuddyWater.
Key points
- An open UAE VPS exposed evidence of a major intrusion campaign against Omani government systems.
- The main target was the Ministry of Justice and Legal Affairs of Oman.
- Attackers exfiltrated over 26,000 user records and sensitive judicial case data.
- The intrusion used a custom webshell on mersaltest.mjla.gov.om for persistent access.
- The activity showed strong overlap with Iranian state-nexus TTPs linked to APT34 and MuddyWater.
Read More: https://securityonline.info/oman-government-cyberattack-hunt-intelligence-apt34-muddywater/