New Hexane Cyber Group Attacks Middle East Industrial Enterprises

Dragos security researchers have identified a new cybercriminal group, Hexane, that targets industrial control systems at oil and gas enterprises and in the telecommunications sector.

According to the experts, the attackers began their criminal activities in mid-2018 and use malicious documents to penetrate target networks.

“Although the group appears operational since at least mid-2018, activity accelerated in early- to mid-2019. This timeline, targeting, and increase of operations coincides with an escalation of tensions within the Middle East, a current area of political and military conflict,” say Dragos experts.

In the first half of 2019, the group concentrated attacks on oil and gas companies in the Middle East, mainly in Kuwait. Criminals also attempted to attack television providers in the Middle East, Central Asia and Africa.

According to the experts, the criminals bypass their targets' defenses through trusted suppliers, compromising devices, software and telecommunication networks that the targeted facilities use as part of their industrial control systems.

The criminal activity of Hexane shows similarities to the attacks of the Magnallium (APT33) and Chrysene groups, since they are all aimed at oil and gas facilities and use similar methods.

“However, the collection of HEXANE behaviors, tools, and victimology makes this a unique entity compared to these previously-observed activity groups. For instance, HEXANE’s observed victimology is mostly focused on critical infrastructure, but divided between ICS verticals and telecommunications operations. Additionally, its infrastructure and capabilities — such as using malicious domains patterned after general IT themes and newly identified detection evasion schemes — are different from related groups,” report Dragos specialists.

In June, the Xenotime hacker group expanded its list of targets to include energy companies in the United States and countries in the Asia-Pacific region. Last year, a team of specialists from Dragos included the abovementioned groups in its list of groups that pose the greatest danger to industrial control systems.

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.
