{"id":9048,"date":"2023-05-29T15:43:55","date_gmt":"2023-05-29T10:13:55","guid":{"rendered":"https:\/\/threatcop.com\/blog\/?p=9048"},"modified":"2024-08-12T11:31:54","modified_gmt":"2024-08-12T06:01:54","slug":"oilalpha-hacker-group-targets-yemen","status":"publish","type":"post","link":"https:\/\/threatcop.com\/blog\/oilalpha-hacker-group-targets-yemen\/","title":{"rendered":"Pro-Houthi OilAlpha Hacker Group Targets Yemen-Related Entities, Reports"},"content":{"rendered":"<p style=\"text-align: justify;\"><span style=\"font-weight: 400; color: #000000;\">A hacker group, OilAlpha, which appears to support Houthis in Yemen has targeted humanitarian and international organizations in the Arabian Peninsula via using phishing techniques on WhatsApp. Allegedly, the threat actors are targeting organizations connected to media, non-governmental activities, international humanitarian efforts, and development sectors.\u00a0It is nearly certain that the <strong>targeted entities had common interests in Yemen, security, humanitarian aid, and reconstruction initiatives.<\/strong> A cybersecurity firm that had been tracking OilAlpha&#8217;s ongoing hacking campaign since May 2022 reported the attack.\u00a0<\/span><\/p><div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 ez-toc-wrap-center counter-hierarchy ez-toc-counter ez-toc-light-blue ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #414141;color:#414141\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #414141;color:#414141\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><ul class='ez-toc-list-level-2' ><li class='ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/threatcop.com\/blog\/oilalpha-hacker-group-targets-yemen\/#How_did_OilAlpha_Carry_Out_Phishing_Attacks_Through_WhatsApp\" >How did OilAlpha Carry Out Phishing Attacks Through WhatsApp?<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/threatcop.com\/blog\/oilalpha-hacker-group-targets-yemen\/#Whatsapp_Messages_from_the_Hackers\" >Whatsapp Messages from the Hackers<\/a><\/li><\/ul><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/threatcop.com\/blog\/oilalpha-hacker-group-targets-yemen\/#Did_OilAlpha_Succeed_in_its_Operations\" >Did OilAlpha Succeed in its Operations?<\/a><ul class='ez-toc-list-level-2' ><li class='ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/threatcop.com\/blog\/oilalpha-hacker-group-targets-yemen\/#How_can_Organizations_Prevent_WhatsApp_Phishing_Attacks\" >How can Organizations Prevent WhatsApp Phishing Attacks?<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/threatcop.com\/blog\/oilalpha-hacker-group-targets-yemen\/#Book_a_Free_Demo_Call_with_Our_People_Security_Expert\" >Book a Free Demo Call with Our People Security Expert<\/a><ul class='ez-toc-list-level-4' ><li class='ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/threatcop.com\/blog\/oilalpha-hacker-group-targets-yemen\/#Enter_your_details\" >Enter your details<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/threatcop.com\/blog\/oilalpha-hacker-group-targets-yemen\/#FAQs_WhatsApp_phishing_attack_on_Yemen-Related_Entities\" >FAQs: WhatsApp phishing attack on Yemen-Related Entities<\/a><\/li><\/ul><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n\n\n<style type=\"text\/css\">\n      @media print, screen and (max-width: 63.99875em){\n      .tnp-submit\n      width: 48%;\n      }\n      .wp-block-tnp-minimal{\n      padding: 20px;\n      }\n      .blog_para\n      margin-top: 4px !important;\n      line-height: 25px !important;\n      font-size: 15px !important;\n      }\n\n      }\n      .blog_para{\n      font-family: jost,sans-serif;\n      margin-top: 14px;\n      margin-bottom: 30px;\n      color: #fff;\n      font-size: 15px !important;\n      color: black !important;\n\n      }\n\n      .wp-block-tnp-minimal{\n      padding:20px;\n      border: 1px solid grey;\n      }\n\n      .tnp-submit a{\n        background: #1d58c7!important;\n    border-radius: 5px!important;\n    text-transform: inherit!important;\n    padding: 8px 25px!important;\n    font-weight: 600!important;\n    color: #fff!important;\n    width: 30%!important;\n    border: none;\n      }\n\n      .blog_get{\n      font-size: 24px !important;\n      font-weight: 700;\n      padding-bottom: 0px;\n    font-family: 'Poppins' !important;\n      margin-bottom: 0px;\n      margin-top: 0px;\n      margin-bottom: 0px !important;\n      color: white;\n          line-height: 30px;\n          color: white;\n      }\n      .row{\n             display: flex;\n    flex-wrap: wrap;\n    flex-direction: row;\n    padding: 25px 0px 25px 36px;\n    align-items: center;\n\n      }\n\n.colLeft{\n         flex-basis:50%;\n    -webkit-box-flex: 0;\n    flex-grow: 0;\n    max-width: 50%;\n    color: white;\n}\n    \n .colRight{\n       flex-basis: 45%;\n    -webkit-box-flex: 0;\n    flex-grow: 0;\n    max-width: 50%;\n }\n\n.tnp-subscription-minimal{\n    float: right;\n}\n<\/style>\n<div style=\"max-width: 741px; margin: 0 auto; background-image: url('https:\/\/awareness.threatcop.ai\/marketing\/linkedinlowerbanner.webp'); background-repeat: no-repeat; background-size: cover; background-position: center; \">\n<div class=\"row\">\n<div class=\"colLeft\">\n<p class=\"blog_get\" style=\"font-family: 'Poppins' !important; color: white !important\">Subscribe to Our Newsletter On Linkedin<\/p>\n<p class=\"blog_para\" style=\"font-size: 16px;font-family: 'Poppins' !important; color: white !important; margin-top: 10px; margin-bottom: 28px;line-height: 25px;\">Sign up to Stay Tuned with the Latest Cyber Security News and Updates<\/p>\n\n<div>\n<div class=\"tnp\" style=\"margin-bottom: 10px;\">\n            <form action=\"https:\/\/threatcop.com\/newsletter-thank-you\" method=\"get\" target=\"_blank\">\n<div class=\"tnp-submit\">\n                  <a class=\"libutton\" href=\"https:\/\/www.linkedin.com\/build-relation\/newsletter-follow?entityUrn=7062043746430783488\" target=\"_blank\" rel=\"noopener\">Subscribe<\/a><\/div>\n<\/form><\/div>\n<\/div>\n<\/div>\n<div class=\"colRight\">\n<div>\n<div class=\"tnp tnp-subscription-minimal \">\n            <img decoding=\"async\" src=\"https:\/\/awareness.threatcop.ai\/marketing\/newsletter-icon.webp\" class=\"img-fluid\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400;\"><span style=\"color: #000000;\">Recorded<\/span> <span style=\"color: #000000;\">Future\u2019s threat research division, Insikt Group, which has been tracking OilAlpha&#8217;s activities, claims that OilAlpha has targeted people who are pro-Saudi Arabian government-led negotiations. OilAlpha is using spoofed Android applications. The spoofed applications impersonate organizations working with the UAE humanitarian entity, the Saudi Arabian government, and others OilAlpha is suspected to be pro-Houthis because it targeted only individuals the Houthis wanted to engage with directly.<\/span><\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><b><span style=\"color: #000000;\">You can also read &#8211;<\/span> <\/b><a href=\"https:\/\/www.linkedin.com\/pulse\/whatsapp-phishing-rising-threat-via-instant-messaging-app-threatcop\/\"><b><i>WhatsApp Phishing: Rising Threat Via Instant Messaging App<\/i><\/b><\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"How_did_OilAlpha_Carry_Out_Phishing_Attacks_Through_WhatsApp\"><\/span><b>How did OilAlpha Carry Out Phishing Attacks Through WhatsApp?<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\"><strong>OilAlpha sent malicious Android files to political representatives and Journalists on WhatsApp.<\/strong> OilAlpha suspected of pro-Houthi ties after phishing attacks targeted Houthis&#8217; targets.&nbsp;The <strong>hacking group target Android phones which people in the region widely use<\/strong>. Let us see how they sent the malicious files.<\/span><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><span style=\"color: #000000;\">OilAlpha used the Public Telecommunications Corporation (PTC), a Yemeni government infrastructure under the direct control of the Houthi authorities. <\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400; color: #000000;\">The phishers group launched a <strong>phishing campaign through WhatsApp<\/strong> which is an encrypted chat messenger.\u00a0<\/span><\/li>\n\n\n\n<li><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">The <\/span><a style=\"color: #000000;\" href=\"https:\/\/threatcop.com\/blog\/phishing-and-pharming\/\"><span style=\"font-weight: 400;\"><span style=\"color: #183994;\"><strong>phishing<\/strong><\/span><\/span><\/a><span style=\"font-weight: 400;\"> campaign was carried out using URL shorteners in the messages on Android devices and the victims were Arabic-language speakers.<\/span><\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400; color: #000000;\">The <strong>messages contain long Arabic messages and a WhatsApp documents file that had a malicious link<\/strong> along with an image of a government document.\u00a0<\/span><\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><b><span style=\"color: #000000;\">Here is a free tool to check any suspicious link :<\/span> <\/b><a href=\"https:\/\/threatcop.com\/phishing-url-checker\"><b><i>Phishing URL Checker<\/i><\/b><\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Whatsapp_Messages_from_the_Hackers\"><\/span>Whatsapp Messages from the Hackers<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n<div class=\"wp-block-image wp-image-9050\">\n<figure class=\"aligncenter\"><img loading=\"lazy\" decoding=\"async\" width=\"688\" height=\"1390\" src=\"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/05\/Oil_Alpha_001.png\" alt=\"OilAlpha targeted humanitarian organizations in Arabian Peninsula \" class=\"wp-image-9050\"\/><figcaption class=\"wp-element-caption\"><span style=\"color: #000000;\"><strong>(Source: Recorded Future)<\/strong><\/span><\/figcaption><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400;\"><span style=\"color: #000000;\">It has been claimed that the <strong>njRAT samples are in touch with C2s associated with this group which indicates that it may continue using other malware for operating attacks<\/strong>. It seems that the attackers may target individuals and entities supporting Yemen\u2019s political and security developments along with other non-governmental organizations operating in the country.<\/span>&nbsp;<\/span><\/p>\n\n\n<div class=\"wp-block-image wp-image-9054\">\n<figure class=\"aligncenter\"><img loading=\"lazy\" decoding=\"async\" width=\"740\" height=\"1390\" src=\"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/05\/Oil_Alpha_002_recordedfuture.png\" alt=\"OilAlpha attacked Organisation Arabian Peninsula\" class=\"wp-image-9054\"\/><figcaption class=\"wp-element-caption\"><span style=\"color: #000000;\">(Source: Recorded Future)<\/span><\/figcaption><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400;\"><span style=\"color: #000000;\">OilAlpha was more likely planning espionage activities as they used Remote Access Tools (RATs) like SpyMax and SpyNote to execute this phishing attack. Both the <strong>RATs SpyNote and SpyMax can be very harmful as they have the ability to access the device\u2019s camera and audio, SMS data, call logs, network information, contact information, and GPS location data.<\/strong><\/span><strong>&nbsp;<\/strong><\/span><\/p>\n\n\n<div class=\"wp-block-image wp-image-9055\">\n<figure class=\"aligncenter\"><img loading=\"lazy\" decoding=\"async\" width=\"686\" height=\"1386\" src=\"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/05\/Oil_Alpha_003_recorded-future.png\" alt=\"OilAlpha attacked on Arabian Peninsula\" class=\"wp-image-9055\"\/><figcaption class=\"wp-element-caption\"><span style=\"color: #000000;\">(Source: Recorded Future)<\/span><\/figcaption><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">Not just the journalist and political representatives, the hackers&#8217; group have also targeted non-governmental organizations that conduct or coordinated disaster response and human work in Yemen. OilAlpha has <\/span><b>spoofed applications of organizations such as the Norwegian Refugee Council, the United Nations Children\u2019s Emergency Fund, and the Red Crescent Society. <\/b><span style=\"font-weight: 400;\">However, the<\/span> <span style=\"font-weight: 400;\">group appears to have purposely didn\u2019t give any effort to hide its infrastructure. The group\u2019s exclusive use of dynamic DNS further provides a significant clue for attribution purposes.<\/span><\/span><\/p>\n\n\n\n<h1 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Did_OilAlpha_Succeed_in_its_Operations\"><\/span><strong>Did OilAlpha Succeed in its Operations?<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h1>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">There is no such representation of how successful OilAlpha got in the ongoing campaign but it has been alleged that the hacker group has also spoofed other Saudi Arabian firms after noticing the icons of entities in the malware. The organizations include <\/span><strong><i>King Salman Humanitarian Aid, King Khalid Foundation, Relief Centre, and Project <\/i>MASAM.<\/strong><\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">The applications of organizations that manage disaster and humanitarian work in Yemen were also attacked by the OilAlpha such as&nbsp; <\/span><strong><i>Norwegian Refugee Council, Red Crescent Society, and the United Nations Children\u2019s Emergency Fund.&nbsp;<\/i><\/strong><\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">The report mentioned that there is still a lot more to find out to back up that back Yemeni operatives are behind the ongoing <\/span><span style=\"color: #183994;\"><strong><a style=\"color: #183994;\" href=\"https:\/\/threatcop.com\/blog\/phishing-attacks\/\">phishing<\/a><\/strong><\/span><span style=\"font-weight: 400;\"> campaign by OilAlpha. John Condra, Director of Strategic and Persistent Threats at Insikt Group said, \u201cUncertainly, it is difficult to determine if there has been any compromise of those assets and consequently, it is possible that foreign threat actors are utilizing them.\u201d&nbsp;<\/span><\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">He further stated that it is not clear yet that they are selling their infrastructure to other attackers and may be using it to target individuals of their interest. Outsiders like Iraqi Hezbollah, and Iranian and Lebanese hackers are favoring Islamic Revolutionary Guard Corps as they have a vested interest in the outcome of the civil war, which resulted in this threat.&nbsp;&nbsp;<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"How_can_Organizations_Prevent_WhatsApp_Phishing_Attacks\"><\/span><b>How can Organizations Prevent WhatsApp Phishing Attacks?<\/b><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">To prevent phishing attacks through WhatsApp, organizations should prioritize employee awareness and training, educating them about the risks associated with WhatsApp phishing and providing guidance on identifying and handling suspicious messages. Organizations must employ <\/span><span style=\"color: #183994;\"><strong><a style=\"color: #183994;\" href=\"https:\/\/threatcop.com\/whatsapp-phishing-simulation-and-awareness-training\">WhatsApp phishing simulation and awareness training<\/a> solutions<\/strong><\/span><span style=\"color: #000000;\"><strong> to transform their employees into the strongest<\/strong><span style=\"font-weight: 400;\"><strong> defense against such attacks<\/strong>.&nbsp;&nbsp;<\/span><\/span><\/p>\n\n\n\n<!DOCTYPE html>\n<html lang=\"en\">\n\n<head>\n    <meta charset=\"UTF-8\">\n    <meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge\">\n    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n    <title>Document<\/title>\n<\/head>\n\n<style>\n    .interestedBtn {\n        width: 80% !important;\n        box-sizing: border-box !important;\n        display: inline-block !important;\n        padding: 11px !important;\n        border: 1px !important;\n        border-color: #ddd !important;\n        margin-top: 10px !important;\n        background-color: #183e8b !important;\n        background-image: none !important;\n        text-shadow: none !important;\n        color: #fff !important;\n        font-size: 14px !important;\n        line-height: 20px !important;\n        border-radius: 5px !important;\n        margin: 0 !important;\n        cursor: pointer !important;\n        box-shadow: 0px 4.66px 22.99px 0px rgba(0, 0, 0, 0.10);;\n    }\n\n\n        .formSec .formSecTwo{\n            padding-top: 15px !important;\n            margin-bottom: 30px !important;\n        }\n\n\n    .tnp-email {\n        width: 80% !important;\n        box-sizing: border-box;\n        padding: 8px 10px;\n        display: inline-block;\n        border: 1px solid #ced4da;\n        background: #fff;\n        color: #000 !important;\n        font-size: 13px;\n        line-height: 20px;\n        border-radius: 2px;\n        padding-right: 30px;\n        margin-bottom: 0px;\n    }\n\n    .formSec {\n        border: 1px solid #ced4da;\n        float: left !important;\n        width: 55% !important;\n    }\n\n    .mainBox {\n       \/* border: 1px solid #183e8b;*\/\n         background: white;\n        max-width: 600px !important;\n        margin: 0 auto !important;\n        padding: 20px !important;\n        font-family: Arial, Helvetica, sans-serif !important;\n    }\n\n    .boxDiv {\n        display: flex !important;\n    }\n\n    .boxConsult {\n        float: left !important;\n        width: 45% !important;\n        padding: 10px !important;\n    }\n\n    .formSecTwo {\n        text-align:center !important;\n        width: 100% !important;\n    }\n\n    .formHeading {\n        font-family: Arial, Helvetica, sans-serif;\n        margin-top: 0px;\n        font-weight: 700;\n        line-height: 25px;\n        font-size: 18px !important;\n        \n       margin-bottom: 60px !important;\n       color: #000!important;\n          margin-top: 5px !important;\n    }\n\n    .fieldHeading {\n        margin: 0 !important;\n        font-size: 13px !important;\n        text-align: left !important;\n        margin: 0px 39px 2px 93px !important;\n        font-weight: 500 !important;\n    }\n\n    .image {\n        max-width:90% !important;\n        height: auto !important;\n    }\n\n     .email-icon {\n            position: absolute;\n            right: 50px;\n             top: 20px;\n            transform: translateY(-50%);\n            pointer-events: none; \n        }\n\n          .email-container{\n             position: relative;\n         \n        }\n       \n\n        .email-icon img{\n                 width: 15px;\n        }\n\n\n         input::placeholder {\n            color:#495057;\n        }\n\n\n     ::placeholder {\n        color: #495057;\n    }\n\n        ::-ms-input-placeholder { \n          color:#495057;\n        }\n\n\n        input:-webkit-autofill {\n            background-color: transparent !important;\n            -webkit-box-shadow: 0 0 0px 1000px white inset !important; \n            box-shadow: 0 0 0px 1000px white inset !important;\n            color: #495057 !important; \n        }\n\n        \n        input {\n            color:#495057 !important;\n        }\n\n\n    @media screen and (max-width: 480px) {\n        .boxDiv {\n            display: block !important;\n            padding: 15px !important;\n         \n        }\n\n        .image{\n        width: 80% !important;\n         margin-bottom: 14px;\n        }\n        .fieldHeading {\n            text-align: left !important;\n            margin: unset !important;\n        }\n\n        .boxConsult {\n            width: unset !important;\n            float: none !important;\n        }\n\n        .mainBox {\n            border: unset !important;\n        }\n\n        .formSec {\n            float: unset !important;\n            width: 100% !important;\n        }\n\n        .formSecTwo {\n            text-align: center !important;\n        }\n\n        .tnp-email {\n            width: 90% !important;\n        }\n\n        .formHeading {\n            margin-bottom: unset !important;\n        }\n\n         .email-icon {\n            position: absolute;\n            right: 25px;\n            top: 58%;\n            transform: translateY(-50%);\n            pointer-events: none; \/* Make sure the icon doesn't block clicking on the input *\/\n        }\n       \n        .email-container{\n             position: relative;\n        }\n\n    }\n<\/style>\n\n<body>\n\n    <div class=\"mainBox\" box-sizing:=\"\" border-box;=\"\">\n\n        <div class=\"boxDiv\">\n\n            <div class=\"boxConsult\">\n                <div>\n                    <h3 class=\"formHeading\" style=\" font-size: 16px !important;\"><span class=\"ez-toc-section\" id=\"Book_a_Free_Demo_Call_with_Our_People_Security_Expert\"><\/span>\n                        Book a Free Demo Call with Our People Security Expert<span class=\"ez-toc-section-end\"><\/span><\/h3>\n                <\/div>\n                <img decoding=\"async\" src=\"https:\/\/awareness.threatcop.ai\/threatcop_blog\/form.svg\" class=\"image\">\n            <\/div>\n\n            <div class=\"formSec\">\n                <div class=\" formSecTwo\">\n                    <h4 style=\"margin-top: 0; font-size: 16px !important;\"><span class=\"ez-toc-section\" id=\"Enter_your_details\"><\/span>Enter your details<span class=\"ez-toc-section-end\"><\/span><\/h4>\n                    <div class=\"tnp tnp-subscription-minimal\">\n                        <form action=\"https:\/\/threatcop.com\/thankyou-blog\" method=\"get\" target=\"_blank\">\n                            <div class=\"email-container\" style=\"margin-bottom:20px;\">\n\n                                <input class=\"tnp-email\" type=\"text\" required=\"\" name=\"FullName\" value=\"\"\n                                    placeholder=\"Full Name\">\n                                    <span class=\"email-icon\"><img decoding=\"async\" src=\"https:\/\/awareness.threatcop.ai\/threatcop_blog\/icon01.svg\" class=\"img-fluid\" \/><\/span>\n                            <\/div>\n\n                            <div class=\"email-container\" style=\"margin-bottom:20px;\">\n                               \n                                <input class=\"tnp-email\" type=\"email\" required=\"\" name=\"email\" value=\"\"\n                                    placeholder=\"Corporate Email Id\">\n                                     <span class=\"email-icon\"><img decoding=\"async\" src=\"https:\/\/awareness.threatcop.ai\/threatcop_blog\/icon02.svg\" class=\"img-fluid\" \/><\/span>\n                            <\/div>\n\n                            <div class=\"email-container\" style=\"margin-bottom:20px;\">\n                               \n                                <input class=\"tnp-email\" type=\"text\" required=\"\" name=\"CompanyName\" value=\"\"\n                                    placeholder=\"Company Name\">\n                                    <span class=\"email-icon\"><img decoding=\"async\" src=\"https:\/\/awareness.threatcop.ai\/threatcop_blog\/icon03.svg\" class=\"img-fluid\" \/><\/span>\n\n                            <\/div>\n\n                            <div class=\"email-container\">\n                               \n                                <input class=\"tnp-email\" type=\"number\" required=\"\" name=\"Phone\" value=\"\"\n                                    placeholder=\"Phone No.\"><br>\n                                    <span class=\"email-icon\"><img decoding=\"async\" src=\"https:\/\/awareness.threatcop.ai\/threatcop_blog\/icon04.svg\" class=\"img-fluid\" \/><\/span>\n                            <\/div>\n                            <input type=\"hidden\" name=\"BlogForm\" value=\"BlogForm\"><br>\n                            <input class=\"tnp-submit interestedBtn\" name=\"submit\" type=\"submit\"\n                                value=\"SUBMIT\">\n\n                        <\/form>\n                    <\/div>\n                <\/div>\n            <\/div>\n\n        <\/div>\n    <\/div>\n\n<\/body>\n\n<\/html>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\"><strong>Implementing strong security policies, including the use of strong passwords and discouraging the sharing of sensitive information, is crucial.<\/strong> Enabling two-factor authentication (2FA) adds an extra layer of security to WhatsApp accounts. Additionally, employees should verify the authenticity of senders before responding to messages, using alternative communication channels to confirm their identity when dealing with requests for sensitive information or financial transactions. These measures collectively enhance protection against phishing attacks on WhatsApp.<\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"FAQs_WhatsApp_phishing_attack_on_Yemen-Related_Entities\"><\/span><span style=\"color: #000000;\"><b>FAQs: WhatsApp phishing attack on Yemen-Related Entities<\/b><\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<div class=\"schema-faq wp-block-yoast-faq-block\"><div class=\"schema-faq-section\" id=\"faq-question-1685358364795\"><strong class=\"schema-faq-question\">Which attack vector did the OilAlpha Hacker Group use?<\/strong> <p class=\"schema-faq-answer\">Hackers deploy malware using attack vectors, and then execute it to gain access to a system or server. <strong>OilAlpha employed one of the most common social engineering techniques phishing through WhatsApp.<\/strong> The hacker sent messages containing long Arabic messages and a documents file that had a malicious link.<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1685358474563\"><strong class=\"schema-faq-question\"><\/strong> <p class=\"schema-faq-answer\"><\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1685358517326\"><strong class=\"schema-faq-question\">Who are OilAlpha Hackers Group?<\/strong> <p class=\"schema-faq-answer\">There is not much information available about the OilAlpha hacker group. The Insikt Group alleges that OilAlpha has targeted individuals who support Saudi Arabian government-led negotiations. It appears to support Houthis in Yemen and has targeted humanitarian and international organizations in the Arabian Peninsula via using phishing techniques on WhatsApp.\u00a0<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1685358558832\"><strong class=\"schema-faq-question\">What notable attacks has OilAlpha HackersGroup carried out?<\/strong> <p class=\"schema-faq-answer\">The hacker group has also spoofed other Saudi Arabian firms after noticing the icons of entities in the malware. <strong>The organizations include King Salman Humanitarian Aid, King Khalid Foundation, Relief Centre, and Project MASAM<\/strong>. OilAlpha also attacked the applications of organizations that manage disaster and humanitarian work in Yemen, such as the Norwegian Refugee Council, the Red Crescent Society, and the United Nations Children&#8217;s Emergency Fund. It has also spoofed applications of organizations such as the Norwegian Refugee Council, the United Nations Children\u2019s Emergency Fund, and the Red Crescent Society.<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1685358585350\"><strong class=\"schema-faq-question\">How can Organizations Prevent WhatsApp Phishing Atacks?<\/strong> <p class=\"schema-faq-answer\">Train employees to recognize phishing messages. Phishing messages manipulate you into taking action by using unexpected content and employing social engineering techniques. Employees should be aware of these methods. <a href=\"https:\/\/threatcop.com\/whatsapp-phishing-simulation-and-awareness-training\"><strong>WhatsApp Phishing Simulation and Awareness <\/strong><\/a>Training can be the only way to protect your organization from WhatsApp phishing.<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1685358719558\"><strong class=\"schema-faq-question\"><\/strong> <p class=\"schema-faq-answer\"><\/p> <\/div> <\/div>\n","protected":false},"excerpt":{"rendered":"<p>A hacker group, OilAlpha, which appears to support Houthis in Yemen has targeted humanitarian and international organizations in the Arabian Peninsula via using phishing techniques on WhatsApp. Allegedly, the threat actors are targeting organizations connected to media, non-governmental activities, international humanitarian efforts, and development sectors.\u00a0It is nearly certain that the targeted entities had common interests [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":9049,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[284],"tags":[],"class_list":["post-9048","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-digest"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Pro-Houthi OilAlpha Hacker Group Targets Yemen | Threatcop<\/title>\n<meta name=\"description\" content=\"OilAlpha has targeted humanitarian and international organizations in the Arabian Peninsula via using phishing techniques on WhatsApp.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/threatcop.com\/blog\/oilalpha-hacker-group-targets-yemen\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Pro-Houthi OilAlpha Hacker Group Targets Yemen | Threatcop\" \/>\n<meta property=\"og:description\" content=\"OilAlpha has targeted humanitarian and international organizations in the Arabian Peninsula via using phishing techniques on WhatsApp.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/threatcop.com\/blog\/oilalpha-hacker-group-targets-yemen\/\" \/>\n<meta property=\"og:site_name\" content=\"Threatcop\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/people\/Threatcop\/100083109892339\/\" \/>\n<meta property=\"article:published_time\" content=\"2023-05-29T10:13:55+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-08-12T06:01:54+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/05\/OilAlpha_jpg.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"600\" \/>\n\t<meta property=\"og:image:height\" content=\"576\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Threatcop\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatcop\" \/>\n<meta name=\"twitter:site\" content=\"@threatcop\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Threatcop\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/oilalpha-hacker-group-targets-yemen\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/oilalpha-hacker-group-targets-yemen\\\/\"},\"author\":{\"name\":\"Threatcop\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/person\\\/e4db27ffd37219d73fc6b40cc9d45cfa\"},\"headline\":\"Pro-Houthi OilAlpha Hacker Group Targets Yemen-Related Entities, Reports\",\"datePublished\":\"2023-05-29T10:13:55+00:00\",\"dateModified\":\"2024-08-12T06:01:54+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/oilalpha-hacker-group-targets-yemen\\\/\"},\"wordCount\":1160,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/oilalpha-hacker-group-targets-yemen\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/05\\\/OilAlpha_jpg.jpg\",\"articleSection\":[\"News and Digest\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/threatcop.com\\\/blog\\\/oilalpha-hacker-group-targets-yemen\\\/#respond\"]}]},{\"@type\":[\"WebPage\",\"FAQPage\"],\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/oilalpha-hacker-group-targets-yemen\\\/\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/oilalpha-hacker-group-targets-yemen\\\/\",\"name\":\"Pro-Houthi OilAlpha Hacker Group Targets Yemen | Threatcop\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/oilalpha-hacker-group-targets-yemen\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/oilalpha-hacker-group-targets-yemen\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/05\\\/OilAlpha_jpg.jpg\",\"datePublished\":\"2023-05-29T10:13:55+00:00\",\"dateModified\":\"2024-08-12T06:01:54+00:00\",\"description\":\"OilAlpha has targeted humanitarian and international organizations in the Arabian Peninsula via using phishing techniques on WhatsApp.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/oilalpha-hacker-group-targets-yemen\\\/#breadcrumb\"},\"mainEntity\":[{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/oilalpha-hacker-group-targets-yemen\\\/#faq-question-1685358364795\"},{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/oilalpha-hacker-group-targets-yemen\\\/#faq-question-1685358517326\"},{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/oilalpha-hacker-group-targets-yemen\\\/#faq-question-1685358558832\"},{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/oilalpha-hacker-group-targets-yemen\\\/#faq-question-1685358585350\"}],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/threatcop.com\\\/blog\\\/oilalpha-hacker-group-targets-yemen\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/oilalpha-hacker-group-targets-yemen\\\/#primaryimage\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/05\\\/OilAlpha_jpg.jpg\",\"contentUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/05\\\/OilAlpha_jpg.jpg\",\"width\":600,\"height\":576},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/oilalpha-hacker-group-targets-yemen\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Pro-Houthi OilAlpha Hacker Group Targets Yemen-Related Entities, Reports\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/\",\"name\":\"Threatcop\",\"description\":\"Cybersecurity Blogs, News, Updates, and Articles\",\"publisher\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#organization\",\"name\":\"Threatcop\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/threatcop-logo-black-1.png\",\"contentUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/threatcop-logo-black-1.png\",\"width\":432,\"height\":102,\"caption\":\"Threatcop\"},\"image\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/people\\\/Threatcop\\\/100083109892339\\\/\",\"https:\\\/\\\/x.com\\\/threatcop\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/threatcop\\\/\",\"https:\\\/\\\/www.instagram.com\\\/threatcop_official\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/person\\\/e4db27ffd37219d73fc6b40cc9d45cfa\",\"name\":\"Threatcop\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/avatar_user_1_1696398433.jpeg\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/avatar_user_1_1696398433.jpeg\",\"contentUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/avatar_user_1_1696398433.jpeg\",\"caption\":\"Threatcop\"},\"sameAs\":[\"https:\\\/\\\/threatcop.com\"]},{\"@type\":\"Question\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/oilalpha-hacker-group-targets-yemen\\\/#faq-question-1685358364795\",\"position\":1,\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/oilalpha-hacker-group-targets-yemen\\\/#faq-question-1685358364795\",\"name\":\"Which attack vector did the OilAlpha Hacker Group use?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Hackers deploy malware using attack vectors, and then execute it to gain access to a system or server. <strong>OilAlpha employed one of the most common social engineering techniques phishing through WhatsApp.<\\\/strong> The hacker sent messages containing long Arabic messages and a documents file that had a malicious link.\",\"inLanguage\":\"en-US\"},\"inLanguage\":\"en-US\"},{\"@type\":\"Question\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/oilalpha-hacker-group-targets-yemen\\\/#faq-question-1685358517326\",\"position\":3,\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/oilalpha-hacker-group-targets-yemen\\\/#faq-question-1685358517326\",\"name\":\"Who are OilAlpha Hackers Group?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"There is not much information available about the OilAlpha hacker group. The Insikt Group alleges that OilAlpha has targeted individuals who support Saudi Arabian government-led negotiations. It appears to support Houthis in Yemen and has targeted humanitarian and international organizations in the Arabian Peninsula via using phishing techniques on WhatsApp.\u00a0\",\"inLanguage\":\"en-US\"},\"inLanguage\":\"en-US\"},{\"@type\":\"Question\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/oilalpha-hacker-group-targets-yemen\\\/#faq-question-1685358558832\",\"position\":4,\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/oilalpha-hacker-group-targets-yemen\\\/#faq-question-1685358558832\",\"name\":\"What notable attacks has OilAlpha HackersGroup carried out?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"The hacker group has also spoofed other Saudi Arabian firms after noticing the icons of entities in the malware. <strong>The organizations include King Salman Humanitarian Aid, King Khalid Foundation, Relief Centre, and Project MASAM<\\\/strong>. OilAlpha also attacked the applications of organizations that manage disaster and humanitarian work in Yemen, such as the Norwegian Refugee Council, the Red Crescent Society, and the United Nations Children's Emergency Fund. It has also spoofed applications of organizations such as the Norwegian Refugee Council, the United Nations Children\u2019s Emergency Fund, and the Red Crescent Society.\",\"inLanguage\":\"en-US\"},\"inLanguage\":\"en-US\"},{\"@type\":\"Question\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/oilalpha-hacker-group-targets-yemen\\\/#faq-question-1685358585350\",\"position\":5,\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/oilalpha-hacker-group-targets-yemen\\\/#faq-question-1685358585350\",\"name\":\"How can Organizations Prevent WhatsApp Phishing Atacks?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Train employees to recognize phishing messages. Phishing messages manipulate you into taking action by using unexpected content and employing social engineering techniques. Employees should be aware of these methods. <a href=\\\"https:\\\/\\\/threatcop.com\\\/whatsapp-phishing-simulation-and-awareness-training\\\"><strong>WhatsApp Phishing Simulation and Awareness <\\\/strong><\\\/a>Training can be the only way to protect your organization from WhatsApp phishing.\",\"inLanguage\":\"en-US\"},\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Pro-Houthi OilAlpha Hacker Group Targets Yemen | Threatcop","description":"OilAlpha has targeted humanitarian and international organizations in the Arabian Peninsula via using phishing techniques on WhatsApp.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/threatcop.com\/blog\/oilalpha-hacker-group-targets-yemen\/","og_locale":"en_US","og_type":"article","og_title":"Pro-Houthi OilAlpha Hacker Group Targets Yemen | Threatcop","og_description":"OilAlpha has targeted humanitarian and international organizations in the Arabian Peninsula via using phishing techniques on WhatsApp.","og_url":"https:\/\/threatcop.com\/blog\/oilalpha-hacker-group-targets-yemen\/","og_site_name":"Threatcop","article_publisher":"https:\/\/www.facebook.com\/people\/Threatcop\/100083109892339\/","article_published_time":"2023-05-29T10:13:55+00:00","article_modified_time":"2024-08-12T06:01:54+00:00","og_image":[{"width":600,"height":576,"url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/05\/OilAlpha_jpg.jpg","type":"image\/jpeg"}],"author":"Threatcop","twitter_card":"summary_large_image","twitter_creator":"@threatcop","twitter_site":"@threatcop","twitter_misc":{"Written by":"Threatcop","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/threatcop.com\/blog\/oilalpha-hacker-group-targets-yemen\/#article","isPartOf":{"@id":"https:\/\/threatcop.com\/blog\/oilalpha-hacker-group-targets-yemen\/"},"author":{"name":"Threatcop","@id":"https:\/\/threatcop.com\/blog\/#\/schema\/person\/e4db27ffd37219d73fc6b40cc9d45cfa"},"headline":"Pro-Houthi OilAlpha Hacker Group Targets Yemen-Related Entities, Reports","datePublished":"2023-05-29T10:13:55+00:00","dateModified":"2024-08-12T06:01:54+00:00","mainEntityOfPage":{"@id":"https:\/\/threatcop.com\/blog\/oilalpha-hacker-group-targets-yemen\/"},"wordCount":1160,"commentCount":0,"publisher":{"@id":"https:\/\/threatcop.com\/blog\/#organization"},"image":{"@id":"https:\/\/threatcop.com\/blog\/oilalpha-hacker-group-targets-yemen\/#primaryimage"},"thumbnailUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/05\/OilAlpha_jpg.jpg","articleSection":["News and Digest"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/threatcop.com\/blog\/oilalpha-hacker-group-targets-yemen\/#respond"]}]},{"@type":["WebPage","FAQPage"],"@id":"https:\/\/threatcop.com\/blog\/oilalpha-hacker-group-targets-yemen\/","url":"https:\/\/threatcop.com\/blog\/oilalpha-hacker-group-targets-yemen\/","name":"Pro-Houthi OilAlpha Hacker Group Targets Yemen | Threatcop","isPartOf":{"@id":"https:\/\/threatcop.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/threatcop.com\/blog\/oilalpha-hacker-group-targets-yemen\/#primaryimage"},"image":{"@id":"https:\/\/threatcop.com\/blog\/oilalpha-hacker-group-targets-yemen\/#primaryimage"},"thumbnailUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/05\/OilAlpha_jpg.jpg","datePublished":"2023-05-29T10:13:55+00:00","dateModified":"2024-08-12T06:01:54+00:00","description":"OilAlpha has targeted humanitarian and international organizations in the Arabian Peninsula via using phishing techniques on WhatsApp.","breadcrumb":{"@id":"https:\/\/threatcop.com\/blog\/oilalpha-hacker-group-targets-yemen\/#breadcrumb"},"mainEntity":[{"@id":"https:\/\/threatcop.com\/blog\/oilalpha-hacker-group-targets-yemen\/#faq-question-1685358364795"},{"@id":"https:\/\/threatcop.com\/blog\/oilalpha-hacker-group-targets-yemen\/#faq-question-1685358517326"},{"@id":"https:\/\/threatcop.com\/blog\/oilalpha-hacker-group-targets-yemen\/#faq-question-1685358558832"},{"@id":"https:\/\/threatcop.com\/blog\/oilalpha-hacker-group-targets-yemen\/#faq-question-1685358585350"}],"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/threatcop.com\/blog\/oilalpha-hacker-group-targets-yemen\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/threatcop.com\/blog\/oilalpha-hacker-group-targets-yemen\/#primaryimage","url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/05\/OilAlpha_jpg.jpg","contentUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/05\/OilAlpha_jpg.jpg","width":600,"height":576},{"@type":"BreadcrumbList","@id":"https:\/\/threatcop.com\/blog\/oilalpha-hacker-group-targets-yemen\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/threatcop.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Pro-Houthi OilAlpha Hacker Group Targets Yemen-Related Entities, Reports"}]},{"@type":"WebSite","@id":"https:\/\/threatcop.com\/blog\/#website","url":"https:\/\/threatcop.com\/blog\/","name":"Threatcop","description":"Cybersecurity Blogs, News, Updates, and Articles","publisher":{"@id":"https:\/\/threatcop.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/threatcop.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/threatcop.com\/blog\/#organization","name":"Threatcop","url":"https:\/\/threatcop.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/threatcop.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2026\/06\/threatcop-logo-black-1.png","contentUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2026\/06\/threatcop-logo-black-1.png","width":432,"height":102,"caption":"Threatcop"},"image":{"@id":"https:\/\/threatcop.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/people\/Threatcop\/100083109892339\/","https:\/\/x.com\/threatcop","https:\/\/www.linkedin.com\/company\/threatcop\/","https:\/\/www.instagram.com\/threatcop_official\/"]},{"@type":"Person","@id":"https:\/\/threatcop.com\/blog\/#\/schema\/person\/e4db27ffd37219d73fc6b40cc9d45cfa","name":"Threatcop","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/10\/avatar_user_1_1696398433.jpeg","url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/10\/avatar_user_1_1696398433.jpeg","contentUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/10\/avatar_user_1_1696398433.jpeg","caption":"Threatcop"},"sameAs":["https:\/\/threatcop.com"]},{"@type":"Question","@id":"https:\/\/threatcop.com\/blog\/oilalpha-hacker-group-targets-yemen\/#faq-question-1685358364795","position":1,"url":"https:\/\/threatcop.com\/blog\/oilalpha-hacker-group-targets-yemen\/#faq-question-1685358364795","name":"Which attack vector did the OilAlpha Hacker Group use?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"Hackers deploy malware using attack vectors, and then execute it to gain access to a system or server. <strong>OilAlpha employed one of the most common social engineering techniques phishing through WhatsApp.<\/strong> The hacker sent messages containing long Arabic messages and a documents file that had a malicious link.","inLanguage":"en-US"},"inLanguage":"en-US"},{"@type":"Question","@id":"https:\/\/threatcop.com\/blog\/oilalpha-hacker-group-targets-yemen\/#faq-question-1685358517326","position":3,"url":"https:\/\/threatcop.com\/blog\/oilalpha-hacker-group-targets-yemen\/#faq-question-1685358517326","name":"Who are OilAlpha Hackers Group?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"There is not much information available about the OilAlpha hacker group. The Insikt Group alleges that OilAlpha has targeted individuals who support Saudi Arabian government-led negotiations. It appears to support Houthis in Yemen and has targeted humanitarian and international organizations in the Arabian Peninsula via using phishing techniques on WhatsApp.\u00a0","inLanguage":"en-US"},"inLanguage":"en-US"},{"@type":"Question","@id":"https:\/\/threatcop.com\/blog\/oilalpha-hacker-group-targets-yemen\/#faq-question-1685358558832","position":4,"url":"https:\/\/threatcop.com\/blog\/oilalpha-hacker-group-targets-yemen\/#faq-question-1685358558832","name":"What notable attacks has OilAlpha HackersGroup carried out?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"The hacker group has also spoofed other Saudi Arabian firms after noticing the icons of entities in the malware. <strong>The organizations include King Salman Humanitarian Aid, King Khalid Foundation, Relief Centre, and Project MASAM<\/strong>. OilAlpha also attacked the applications of organizations that manage disaster and humanitarian work in Yemen, such as the Norwegian Refugee Council, the Red Crescent Society, and the United Nations Children's Emergency Fund. It has also spoofed applications of organizations such as the Norwegian Refugee Council, the United Nations Children\u2019s Emergency Fund, and the Red Crescent Society.","inLanguage":"en-US"},"inLanguage":"en-US"},{"@type":"Question","@id":"https:\/\/threatcop.com\/blog\/oilalpha-hacker-group-targets-yemen\/#faq-question-1685358585350","position":5,"url":"https:\/\/threatcop.com\/blog\/oilalpha-hacker-group-targets-yemen\/#faq-question-1685358585350","name":"How can Organizations Prevent WhatsApp Phishing Atacks?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"Train employees to recognize phishing messages. Phishing messages manipulate you into taking action by using unexpected content and employing social engineering techniques. Employees should be aware of these methods. <a href=\"https:\/\/threatcop.com\/whatsapp-phishing-simulation-and-awareness-training\"><strong>WhatsApp Phishing Simulation and Awareness <\/strong><\/a>Training can be the only way to protect your organization from WhatsApp phishing.","inLanguage":"en-US"},"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts\/9048","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/comments?post=9048"}],"version-history":[{"count":22,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts\/9048\/revisions"}],"predecessor-version":[{"id":11621,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts\/9048\/revisions\/11621"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/media\/9049"}],"wp:attachment":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/media?parent=9048"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/categories?post=9048"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/tags?post=9048"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}