New Hexane Cyber Group Attacks Middle East Industrial Enterprises

Dragos security researchers have identified a new cybercriminal group, Hexane, that targets industrial control systems in the oil and gas and telecommunications sectors.

According to the experts, the attackers began their criminal activities in mid-2018 and use malicious documents to penetrate target networks.

“Although the group appears operational since at least mid-2018, activity accelerated in early- to mid-2019. This timeline, targeting, and increase of operations coincides with an escalation of tensions within the Middle East, a current area of political and military conflict,” say Dragos experts.

In the first half of 2019, the group concentrated attacks on oil and gas companies in the Middle East, mainly in Kuwait. Criminals also attempted to attack television providers in the Middle East, Central Asia and Africa.

According to the experts, the attackers bypass their targets' defenses through trusted suppliers, compromising devices, software and telecommunication networks that the targets use as part of their industrial control systems.

The criminal activity of Hexane shows similarities to the attacks of the Magnallium (APT33) and Chrysene groups, since they are all aimed at oil and gas facilities and use similar methods.

“However, the collection of HEXANE behaviors, tools, and victimology makes this a unique entity compared to these previously-observed activity groups. For instance, HEXANE’s observed victimology is mostly focused on critical infrastructure, but divided between ICS verticals and telecommunications operations. Additionally, its infrastructure and capabilities — such as using malicious domains patterned after general IT themes and newly identified detection evasion schemes — are different from related groups,” report Dragos specialists.

In June, the Xenotime hacker group expanded its list of targets to include energy companies in the United States and countries in the Asia-Pacific region. Last year, a team of specialists from Dragos included the abovementioned groups in its list of groups that pose the greatest danger to industrial control systems.

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.