Hexane Group Compromises ICT Related Entities

Delaware, USA – August 1, 2019 – The Hexane group has been active since the middle of last year, and as tensions in the Middle East increase, the group conducts more and more attacks targeting telecommunications companies and organizations in the oil and gas industry. The group was discovered by cybersecurity company Dragos Inc., which tracks hacker groups that pose risks to critical infrastructure. The Hexane group attacks telecoms in Asia, Africa, and the Middle East, but its attacks on oil and gas companies have mostly focused on Kuwait and neighboring countries. Researchers suppose that compromising telecoms is necessary for conducting Man-in-the-Middle attacks on the group's primary targets. The adversaries also attack companies along the supply chains of potential targets (hardware and software suppliers and industrial original equipment manufacturers) to gain access to industrial control systems without arousing the suspicion of security systems. The primary infection vector is the distribution of malicious documents that install malware and give the group an initial foothold.

Even though Hexane's targets are similar to those of APT33, the TTPs of the two groups in the detected campaigns are significantly different. APT33 is known for large-scale cyber espionage campaigns and destructive attacks on organizations with the Shamoon wiper, while Hexane is quieter and compromises telecommunications companies to close in on oil and gas companies. Researchers stated with moderate confidence that the group cannot yet disrupt ICS networks. To protect against sophisticated attacks, you can use the APT Framework rule pack that adds sophistication to your existing security solutions: https://my.socprime.com/en/integrations/apt-framework-arcsight