New Threat Group Targets Critical Infrastructure Organisations

27 August - 3 September 2019

A new threat group known as Lyceum (aka Hexane) has been targeting critical infrastructure organisations in the Middle East, particularly companies in the energy sector. The group uses techniques such as password spraying and brute-force attacks to breach individual email accounts, then leverages these compromised accounts to send spear-phishing emails to executives, HR staff, and IT personnel in the same organisation. These emails typically contain a macro-laden Excel file that installs the DanBot RAT when activated. DanBot is used to download secondary payloads for stealing credentials and lateral movement. While there is no specific attribution for Lyceum, the group’s tactics, techniques and procedures are observed to be similar to those of the Iranian cyberespionage groups APT33 and APT34.

References:

LYCEUM Takes Center Stage in Middle East Campaign

New Activity Group Targets Oil and Gas, Telecommunications Providers
