Cyber War In The Middle East Is Escalating

Hacking groups with links to Iran are the latest threat that is making the Persian Gulf one of the world’s most active theatres of Cyber warfare. The oil and gas giants of the Middle East have spotted a new hacking groups attempting to break into their computer systems. The American cybersecurity firms Dragos and Dell’s Secureworks have released Reports on the group codenamed Hexane. 

Although neither company makes a definitive accusation about who is responsible for the hacking, both point toward similarities to Iranian hacking groups and alignment with Iran’s strategic political goals.

Hexane intrusion activity includes malicious documents that drop malware to establish footholds for follow-on activity. Although the group appears operational since at least mid-2018, activity accelerated in early- to-mid-2019. This timeline, targeting, and increase of operations coincides with an escalation of tensions within Middle East, a current area of political and military conflict.

It is the latest in a long line of advanced hacking groups seen in and around the Persian Gulf. In the Middle East, there are few if any more important strategic targets than the oil and gas industry that is behind much of the region's wealth and power.
Another cyber threat come from the Lyceum threat group which targets organisations in sectors of strategic national importance, including oil and gas and possibly telecommunications. 

Research suggests that Lyceum may have been active as early as April 2018. Domain registrations also suggest that a campaign in mid-2018 focused on South African targets. 

In May 2019, the threat group launched a campaign against oil and gas organisations in the Middle East. This campaign followed a sharp uptick in development and testing of their toolkit against a public multi-vendor malware scanning service in February 2019. 

Now Hexane
Hexane demonstrates similarities to the activity groups Magnallium and Chrysene. All of these groups arefocusing largely on oil and gas, and some of the behaviors and recently observed tactics, techniques, and procedures (TTPs) are similar. Dragos identified recent Magnallium activity targeting US government and financial organisations as well as oil and gas companies, attempting to gain access to computers at target organisations. 

The collection of Hexane behaviors, tools, and victimology makes this a unique entity compared to these previously-observed activity groups.

One of the most disruptive hacking campaigns the region has ever seen in the last decade took place in 2012 when Iranian hackers broke into Saudi Arabia's Aramco and deleted files to cripple tens of thousands of key company computers. The malware used in that attack is known as Shamoon.

Saudi Aramco, a state-owned oil company and one of the richest companies on earth, is at the heart of that country's power. The region's energy companies are massively important to all of the nations around the Persian Gulf. The Shamoon hackers also hit the Qatar oil company RasGas.

Active since 2018, Hexane has dramatically increased activity in 2019 and deployed new malware against its targets. The first step in the group's tactics are sending spearphishing attacks to human resources and technology staffers at targeted organisations. 

"Compromising individual HR accounts could yield information and account access that could be used in additional spearphishing operations within the targeted environment and against associated organisations," say Secureworks researchers. 

"IT personnel have access to high-privilege accounts and documentation that could help the threat actors understand the environment without blindly navigating the network to find data and systems of interest."

There is some debate among cybersecurity companies about the exact immediate targets of the group. Hackers can target information technology systems like desktop computers or operational technology systems like programmable logic controllers, computers designed specifically for industrial purposes like oil and gas refinement or manufacturing.

Although the Persian Gulf is a hotbed of cyber activity, countries like Iran have a global reach. Earlier this year, Dragos identified a group dubbed Magnallium that is targeting American government, financial, and energy companies. 

Iran continues to be the target of American hackers including, most notably, when President Donald Trump ordered cyber-attacks on Iranian weapons systems after a US drone was shot down by Iranian forces

MIT Technologu Review:            Secureworks:           Dragos:

You Might Also Read: 

US Cyber Attack Disabled Iran’s Ability To Target Shipping:

The Cyber Effect On Modern Warfare:

 

 

« The GDPR Wake-Up Call Is Being Ignored By Business
New Ransomware Formats Double »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

NCX Group

NCX Group

NCX Group is committed to helping customers identify and mitigate the risks inherent in today’s interconnected environments and business processes.

Black Duck Software

Black Duck Software

Black Duck Hub allows organizations to manage open source code security as well as license compliance risks.

CyberSift

CyberSift

CyberSift is a cyber security provider. We develop threat detection software which needs no infrastructure changes as it integrates with almost any security tool.

Vysk Communications

Vysk Communications

Vysk is an award-winning mobile security firm that has developed the world’s most secure system for voice communication.

Information & eGovernment Authority (iGA) - Bahrain

Information & eGovernment Authority (iGA) - Bahrain

The Information & eGovernment Authority facilitates many services catering to different parts of the community within the IT sector in Bahrain including information security.

Relution

Relution

Relution is the Unified Endpoint Management platform for innovative companies and educational institutions. It enables you to manage your mobile apps and devices easily and securely.

DestructData

DestructData

DestructData is a leading independent provider of End of Life data destruction/security solutions.

Secure-IC

Secure-IC

Secure-IC provide end-to-end, best-of-breed security expertise, solutions, and hardware & software technologies, for embedded systems and connected objects.

Nu Quantum

Nu Quantum

Nu Quantum is developing quantum photonics hardware to power the quantum revolution in communications, sensing and computing.

HENSOLDT Cyber

HENSOLDT Cyber

HENSOLDT Cyber introduces a paradigm shift to cyber security. Our products have been designed to ensure the integrity of embedded systems at the core: the operating system and the processor.

Enzen

Enzen

Enzen is a global knowledge practice that provides consulting, technology, engineering, operating and innovation services to the energy and utility sectors.

Deloitte

Deloitte

Deloitte is a multinational professional services firm providing audit, consulting, financial advisory, risk management, tax, and related services to clients.

Digital Catapult

Digital Catapult

Digital Catapult is the UK authority on advanced digital technology. We bring out the best in business by accelerating new possibilities with advanced digital technologies.

NSW IT Support

NSW IT Support

NSW IT Support: Your exclusive hub for comprehensive Business IT services in Sydney. Our skilled team ensures seamless technology solutions nationwide, consistently delivering top-tier IT support.

Cakewalk

Cakewalk

Cakewalk is the new standard in easy Access Control. Trusted by IT & Security teams. Loved by employees.

Dryad Global

Dryad Global

Dryad Global offers a comprehensive suite of maritime intelligence solutions, including a best-in-class situational awareness, planning and security system and industry-leading cyber protection tools.