New Hexane Group Targets Oil and Gas, Telco Providers (Aug 1, 2019)
A new threat group targeting the oil and gas industry and telecommunication providers has been identified by researchers at Dragos Inc. Named “Hexane”, the group has been active since at least 2018 and has been increasing its activity thus far in 2019. The group is reported to primarily target Middle Eastern countries, specifically Kuwait, and the attacks coincide with increased tension in the Middle East. While Dragos is not releasing specifics, it has assessed that Hexane does not possess the capability to carry out an attack on critical infrastructure. Attacking telecommunications providers is a tactic observed as a means to breach the target’s network. The initial infection vector of Hexane includes malicious documents that drop malware to targeted environments.
Recommendation: Any file attachment should be viewed with the utmost scrutiny, and any request for macros to be enabled should be avoided. All employees should be educated on the risk of opening attachments from unknown senders. Anti-spam and antivirus protection should be implemented and kept up-to-date with the latest version to better ensure security.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.