Cyber War In The Middle East Is Escalating

Hacking groups with links to Iran are the latest threat that is making the Persian Gulf one of the world’s most active theatres of Cyber warfare. The oil and gas giants of the Middle East have spotted a new hacking groups attempting to break into their computer systems. The American cybersecurity firms Dragos and Dell’s Secureworks have released Reports on the group codenamed Hexane. 

Although neither company makes a definitive accusation about who is responsible for the hacking, both point toward similarities to Iranian hacking groups and alignment with Iran’s strategic political goals.

Hexane intrusion activity includes malicious documents that drop malware to establish footholds for follow-on activity. Although the group appears operational since at least mid-2018, activity accelerated in early- to-mid-2019. This timeline, targeting, and increase of operations coincides with an escalation of tensions within Middle East, a current area of political and military conflict.

It is the latest in a long line of advanced hacking groups seen in and around the Persian Gulf. In the Middle East, there are few if any more important strategic targets than the oil and gas industry that is behind much of the region's wealth and power.
Another cyber threat come from the Lyceum threat group which targets organisations in sectors of strategic national importance, including oil and gas and possibly telecommunications. 

Research suggests that Lyceum may have been active as early as April 2018. Domain registrations also suggest that a campaign in mid-2018 focused on South African targets. 

In May 2019, the threat group launched a campaign against oil and gas organisations in the Middle East. This campaign followed a sharp uptick in development and testing of their toolkit against a public multi-vendor malware scanning service in February 2019. 

Now Hexane
Hexane demonstrates similarities to the activity groups Magnallium and Chrysene. All of these groups arefocusing largely on oil and gas, and some of the behaviors and recently observed tactics, techniques, and procedures (TTPs) are similar. Dragos identified recent Magnallium activity targeting US government and financial organisations as well as oil and gas companies, attempting to gain access to computers at target organisations. 

The collection of Hexane behaviors, tools, and victimology makes this a unique entity compared to these previously-observed activity groups.

One of the most disruptive hacking campaigns the region has ever seen in the last decade took place in 2012 when Iranian hackers broke into Saudi Arabia's Aramco and deleted files to cripple tens of thousands of key company computers. The malware used in that attack is known as Shamoon.

Saudi Aramco, a state-owned oil company and one of the richest companies on earth, is at the heart of that country's power. The region's energy companies are massively important to all of the nations around the Persian Gulf. The Shamoon hackers also hit the Qatar oil company RasGas.

Active since 2018, Hexane has dramatically increased activity in 2019 and deployed new malware against its targets. The first step in the group's tactics are sending spearphishing attacks to human resources and technology staffers at targeted organisations. 

"Compromising individual HR accounts could yield information and account access that could be used in additional spearphishing operations within the targeted environment and against associated organisations," say Secureworks researchers. 

"IT personnel have access to high-privilege accounts and documentation that could help the threat actors understand the environment without blindly navigating the network to find data and systems of interest."

There is some debate among cybersecurity companies about the exact immediate targets of the group. Hackers can target information technology systems like desktop computers or operational technology systems like programmable logic controllers, computers designed specifically for industrial purposes like oil and gas refinement or manufacturing.

Although the Persian Gulf is a hotbed of cyber activity, countries like Iran have a global reach. Earlier this year, Dragos identified a group dubbed Magnallium that is targeting American government, financial, and energy companies. 

Iran continues to be the target of American hackers including, most notably, when President Donald Trump ordered cyber-attacks on Iranian weapons systems after a US drone was shot down by Iranian forces

MIT Technologu Review:            Secureworks:           Dragos:

You Might Also Read: 

US Cyber Attack Disabled Iran’s Ability To Target Shipping:

The Cyber Effect On Modern Warfare:

 

 

« The GDPR Wake-Up Call Is Being Ignored By Business
New Ransomware Formats Double »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Center for a New American Security (CNAS)

Center for a New American Security (CNAS)

CNAS is the nation's leading research institution focused on defense and national security policy. Cyber security issues are an intrinsic element of the national security debate.

Trulioo

Trulioo

Trulioo is a leading global identity and business verification company providing secure access to data sources worldwide to instantly verify consumers and businesses online.

Workz Group

Workz Group

Workz connects and protects mobile subscribers of today and tomorrow by providing secure removable or embedded SIMs and remote provisioning solutions for consumer, M2M and IOT devices.

Indeed

Indeed

Indeed is a worldwide employment-related search engine for job listings covering job types in all industries, including cybersecurity.

Dellfer

Dellfer

Dellfer secures connected cars and other IOT devices through Intrinsic protection, enabling the most sophisticated cybersecurity attacks to be seen instantly and remediated with precision.

Altipeak Security

Altipeak Security

Altipeak Security provide Safewalk - a flexible and robust authentication platform through which we offer improved security to SMBs, corporates, banks, insurance companies, healthcare and more.

ConvergeOne

ConvergeOne

ConvergeOne is a leading global IT services provider of collaboration and technology solutions including cybersecurity.

Cloudrise

Cloudrise

Cloudrise are elevating cloud security, data protection, and privacy through assessment, technology enablement, and process automation.

Raman Power Technologies

Raman Power Technologies

Raman Power Technologies focus on bringing value and solving business challenges through the delivery of modern IT services and solutions including cybersecurity.

DigitalWell

DigitalWell

DigitalWell provide fully managed IT and communications solutions for a truly innovative end-to-end experience - for your customers and teams.

Threatsys Technologies

Threatsys Technologies

Threatsys’s Integrated cyber security process helps your organizations to ensure that it’s secure from any fraudulent attacks.

Secure Halo

Secure Halo

Secure Halo has been protecting the intellectual assets and sensitive information of the federal government and private sector for 20+ years, through our proactive approach to risk and cybersecurity.

Effectiv

Effectiv

Effectiv is a real-time fraud & risk management platform for Financial Institutions and Fintechs.

Sprocket Security

Sprocket Security

Sprocket Security protects your business by monitoring the cybersecurity landscape and performing continuous penetration testing services.

Price Forbes

Price Forbes

Building on more than 100 years of specialist insurance broking, Price Forbes partner with clients around the world who are looking to understand and balance today’s risk and plan for the future.

Soteria Communications

Soteria Communications

Soteria Communications supports clients to prepare for and manage crises, with a focus on cyber incidents.