New Threat Group Targets Middle East

A new threat group has been observed targeting oil and gas companies in the Middle East.





Researchers from SecureWorks' Counter Threat Unit (CTU) believe the group, which they have dubbed LYCEUM, may have been active as early as April 2018. The focus of the group appears to be obtaining and expanding access within a targeted network. 





The threat group's activities have also been observed by researchers at Dragos, who named the group HEXANE. 





Domain registrations suggest that a campaign by the group in mid-2018 focused on South African targets, possibly in the telecommunications sector. In May 2019, a campaign was launched against oil and gas organizations in the Middle East. 





The group gains access to company user accounts through password spraying, in which a list of the most common passwords is tried against a large number of accounts in a brute-force attack. Once an account has been compromised, the group uses it to send spear-phishing emails with malicious Excel attachments to other users within the company.
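
For defenders, the spraying pattern described above can be picked out of authentication logs because one source fails against many accounts while making only a few attempts at each. The following is an added example, not code from the article or from either research team; the log format, thresholds, account names and IP addresses are constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not from the article): time, source IP, account, outcome.
SAMPLE_LOG = """\
2019-05-06T08:00:01 203.0.113.7 alice FAIL
2019-05-06T08:00:03 203.0.113.7 bob FAIL
2019-05-06T08:00:05 203.0.113.7 carol OK
2019-05-06T08:00:07 203.0.113.7 dave FAIL
2019-05-06T08:00:09 203.0.113.7 erin FAIL
2019-05-06T08:00:11 203.0.113.7 frank FAIL
2019-05-06T08:00:13 203.0.113.7 grace FAIL
2019-05-06T08:05:00 198.51.100.20 dave FAIL
2019-05-06T08:05:02 198.51.100.20 dave FAIL
2019-05-06T08:05:04 198.51.100.20 dave FAIL
2019-05-06T08:05:06 198.51.100.20 dave FAIL
2019-05-06T08:10:00 192.0.2.10 alice FAIL
2019-05-06T08:10:20 192.0.2.10 alice OK
"""

def parse(log):
    """Yield (timestamp, source, account, outcome) for each non-empty line."""
    for line in log.splitlines():
        if line.strip():
            ts, src, user, outcome = line.split()
            yield datetime.fromisoformat(ts), src, user, outcome

def detect_spray(log, window=timedelta(minutes=30), min_accounts=5, max_per_account=3):
    """Flag sources whose failures hit many accounts with few tries per account."""
    by_src = defaultdict(list)
    for event in parse(log):
        by_src[event[1]].append(event)
    findings = {}
    for src, events in by_src.items():
        events.sort()
        fails = [(ts, user) for ts, _, user, out in events if out == "FAIL"]
        start = 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:  # slide the window
                start += 1
            per_user = Counter(user for _, user in fails[start:end + 1])
            # Accounts tried only a few times; a single-account brute force has none.
            low = [u for u, n in per_user.items() if n <= max_per_account]
            if len(low) < min_accounts:
                continue
            # A success from the spraying source marks a likely compromised account.
            hits = sorted({u for ts, _, u, out in events
                           if out == "OK" and ts >= fails[start][0]})
            best = findings.get(src, {"accounts": 0})["accounts"]
            findings[src] = {"accounts": max(best, len(low)), "compromised": hits}
    return findings
```

On the constructed log, only 203.0.113.7 is flagged: the repeated failures against a single account from 198.51.100.20 and the one mistyped password from 192.0.2.10 fall below the distinct-account threshold.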





When an unsuspecting user clicks on the Excel attachment, DanBot malware is deployed, which the attackers can use to execute arbitrary commands via cmd.exe and to upload and download files.





A common theme used by the new threat group to carry out its campaigns has been "security best practice," with one attachment containing "the 25 worst passwords of 2017."





Asked if the choice of theme signaled that the team behind LYCEUM has a strong ..
