The earliest instance where a cyber attack was attributed to the OilRig campaign was in late 2015. To date, two periods of high activity have been identified following the initial attack. These were in May and October 2016.
All known samples from these periods used infected Excel files attached to phishing emails to infect victims. Once infected, the victim machine can be controlled by the attacker to perform basic remote-access trojan-like tasks including command execution and file upload and download.
Adrian Schofield sheds light on tech in South Africa
Mark Chillingworth on IT leadership