New Threat Group Targets Critical Infrastructure Organisations
A new threat group known as Lyceum (aka Hexane) has been targeting critical infrastructure organisations in the Middle East, particularly companies in the energy sector. The group uses techniques such as password spraying and brute-force attacks to breach individual email accounts, then leverages these compromised accounts to send spear phishing emails to executives, HR staff, and IT personnel in the same organisation. These emails typically contain a macro-laden Excel file that installs the DanBot RAT when activated. DanBot is used to download secondary payloads for credential theft and lateral movement. While there is no specific attribution for Lyceum, the group's tactics, techniques and procedures are observed to be similar to those of the Iranian cyberespionage groups APT33 and APT34.