Cyber War In The Middle East Is Escalating

Uploaded on 2019-09-10 in INTELLIGENCE-Hot Spots-Iran, INTELLIGENCE--International, FREE TO VIEW, NEWS-News Analysis, TECHNOLOGY--Hackers

Hacking groups with links to Iran are the latest threat that is making the Persian Gulf one of the world’s most active theatres of Cyber warfare. The oil and gas giants of the Middle East have spotted a new hacking groups attempting to break into their computer systems. The American cybersecurity firms Dragos and Dell’s Secureworks have released Reports on the group codenamed Hexane. 

Although neither company makes a definitive accusation about who is responsible for the hacking, both point toward similarities to Iranian hacking groups and alignment with Iran’s strategic political goals.

Hexane intrusion activity includes malicious documents that drop malware to establish footholds for follow-on activity. Although the group appears operational since at least mid-2018, activity accelerated in early- to-mid-2019. This timeline, targeting, and increase of operations coincides with an escalation of tensions within Middle East, a current area of political and military conflict.

It is the latest in a long line of advanced hacking groups seen in and around the Persian Gulf. In the Middle East, there are few if any more important strategic targets than the oil and gas industry that is behind much of the region's wealth and power.
Another cyber threat come from the Lyceum threat group which targets organisations in sectors of strategic national importance, including oil and gas and possibly telecommunications. 

Research suggests that Lyceum may have been active as early as April 2018. Domain registrations also suggest that a campaign in mid-2018 focused on South African targets. 

In May 2019, the threat group launched a campaign against oil and gas organisations in the Middle East. This campaign followed a sharp uptick in development and testing of their toolkit against a public multi-vendor malware scanning service in February 2019. 

Now Hexane
Hexane demonstrates similarities to the activity groups Magnallium and Chrysene. All of these groups arefocusing largely on oil and gas, and some of the behaviors and recently observed tactics, techniques, and procedures (TTPs) are similar. Dragos identified recent Magnallium activity targeting US government and financial organisations as well as oil and gas companies, attempting to gain access to computers at target organisations. 

The collection of Hexane behaviors, tools, and victimology makes this a unique entity compared to these previously-observed activity groups.

One of the most disruptive hacking campaigns the region has ever seen in the last decade took place in 2012 when Iranian hackers broke into Saudi Arabia's Aramco and deleted files to cripple tens of thousands of key company computers. The malware used in that attack is known as Shamoon.

Saudi Aramco, a state-owned oil company and one of the richest companies on earth, is at the heart of that country's power. The region's energy companies are massively important to all of the nations around the Persian Gulf. The Shamoon hackers also hit the Qatar oil company RasGas.

Active since 2018, Hexane has dramatically increased activity in 2019 and deployed new malware against its targets. The first step in the group's tactics are sending spearphishing attacks to human resources and technology staffers at targeted organisations. 

"Compromising individual HR accounts could yield information and account access that could be used in additional spearphishing operations within the targeted environment and against associated organisations," say Secureworks researchers. 

"IT personnel have access to high-privilege accounts and documentation that could help the threat actors understand the environment without blindly navigating the network to find data and systems of interest."

There is some debate among cybersecurity companies about the exact immediate targets of the group. Hackers can target information technology systems like desktop computers or operational technology systems like programmable logic controllers, computers designed specifically for industrial purposes like oil and gas refinement or manufacturing.

Although the Persian Gulf is a hotbed of cyber activity, countries like Iran have a global reach. Earlier this year, Dragos identified a group dubbed Magnallium that is targeting American government, financial, and energy companies. 

Iran continues to be the target of American hackers including, most notably, when President Donald Trump ordered cyber-attacks on Iranian weapons systems after a US drone was shot down by Iranian forces

MIT Technologu Review:            Secureworks:           Dragos:

You Might Also Read: 

US Cyber Attack Disabled Iran’s Ability To Target Shipping:

The Cyber Effect On Modern Warfare:

 

 

« The GDPR Wake-Up Call Is Being Ignored By Business
New Ransomware Formats Double »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Kramer Levin

Kramer Levin

Kramer Levin is a full-service law firm with offices in New York and Paris. Practice areas include Cybersecurity, Privacy and Data Protection.

Security Brokers

Security Brokers

Security Brokers focus services and solutions with a focus on strategic ICT Security and Cyber Defense issues.

Cisco Talos

Cisco Talos

Talos is an industry-leading threat intelligence solution that protects your organization’s people, data and infrastructure from active adversaries.

Black Kite

Black Kite

Black Kite (formerly NormShield) provides comprehensive Security-as-a-Service solutions focused on cyber threat intelligence, vulnerability management and continuous perimeter monitoring.

Cyber Execs

Cyber Execs

Cyber Execs is a Cyber Security Consultancy & Executive Recruitment firm.

SecureKey Technologies

SecureKey Technologies

SecureKey is a leading identity and authentication provider that simplifies consumer access to online services and applications.

Sliced Tech

Sliced Tech

Sliced Tech provides enterprise grade managed Cloud services, including Security-as-a-Services, aimed at meeting the needs of commercial and government clients from within Australia.

Sandline Discovery

Sandline Discovery

Sandline Discovery provides digital forensics, eDiscovery solutions, managed review and litigation consulting services.

Global Accelerator Network (GAN)

Global Accelerator Network (GAN)

Global Accelerator Network are a highly curated community of independent Accelerators, Partners and Investors.

TriagingX

TriagingX

TriagingX successfully created the first generation malware sandbox that is being used by many Fortune 500 companies for daily malware analysis.

Protelion

Protelion

The Protelion Security Platform is uniquely architected to deliver security solutions that combine greater protection, flexibility, and performance.

Maintel

Maintel

Maintel provides cloud and managed communications services. We help our customers to deliver exceptional customer experiences, and to securely access their applications and their data.

Securious

Securious

If you need to improve your cyber security or achieve cyber security accreditations, Securious provide an independent service that will identify and address your issues quickly and efficiently.

Saffron Networks

Saffron Networks

Saffron Networks is an ISO-certified company. We assure our clients of reliable solutions, specifically with the Security landscape and Enterprise Networking.

Silent Circle

Silent Circle

Silent Circle is the leader in end-to-end enterprise solutions for secure mobile communications.

CloudCoCo

CloudCoCo

CloudCoCo help UK businesses of all sizes and industries succeed by providing enterprise-grade technology at small-business prices.