Middle East cyber-espionage is heating up with a new group joining the fold

August 27, 2019
in Internet Security
The Middle East cyber-espionage scene has gotten a little bit more crowded this month with the discovery of a new hacking group that’s been targeting the region since mid-2018.

Tracked by cyber-security firms under names such as Lyceum (Secureworks naming) and Hexane (Dragos naming), this new group has primarily focused on the local energy sector.

In a report published earlier this month, ICS security firm Dragos said that Lyceum (Hexane) had repeatedly targeted oil and gas companies in the Middle East, with “Kuwait as a primary operating region.”

But while the bulk of Lyceum attacks were aimed at companies in the energy sector, the group also targeted telecommunication providers in the greater Middle East, Central Asia, and Africa, Dragos said, “potentially as a stepping stone to network-focused man-in-the-middle and related attacks.”

But setting aside these rare attacks, the bulk of Lyceum’s activity has been focused on companies in the energy sector.

In a report published today and shared with ZDNet, Secureworks said that it detected a spike in Lyceum activity targeting oil and gas companies in May this year, a spike that came after “a sharp uptick in development and testing of their toolkit against a public multi-vendor malware scanning service in February 2019.”

Lyceum attacks follow a similar pattern

These attacks followed a simple, yet very effective pattern, Secureworks explained. First, Lyceum members would utilize techniques such as password spraying and brute-force attacks to breach individual email accounts at target organizations.

Once successful, in the second stage of these attacks, Lyceum members would use the compromised email accounts to send spear-phishing emails to the victim’s colleagues. These emails would deliver malicious Excel files that would attempt to infect other users in the same organization with malware.

The primary targets of these second-stage spear-phishing campaigns would be executives, HR staff, and IT personnel in the same organization.

The Excel files would contain a payload named DanDrop, a VBA macro script that would infect the victim with DanBot, a C# remote access trojan (RAT).

Lyceum hackers would then use the DanBot RAT to download and run additional malware on the victims’ systems, most of which were PowerShell scripts with password-dumping, lateral movement, or keylogging functionality.
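The first stage described above (a few guesses spread across many mailboxes rather than many guesses against one) is exactly what a per-account lockout threshold never trips. The detector below is an added example, not code from the Secureworks or Dragos reports: it runs over a constructed auth log, flags sources whose failures spread across many accounts with few tries each, and also reports which account such a source then logged into successfully. The log format, IP addresses and account names are all constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample mail-gateway auth log, one line per attempt:
# "<UTC time> <src_ip> <account> <FAIL|OK>". 203.0.113.7 sprays one guess across many
# accounts and lands one; 198.51.100.9 brute-forces one account; 192.0.2.5 is a typo.
SAMPLE_LOG = """\
2019-05-03T08:00:01Z 203.0.113.7 alice@example.com FAIL
2019-05-03T08:00:04Z 203.0.113.7 bob@example.com FAIL
2019-05-03T08:00:07Z 203.0.113.7 carol@example.com FAIL
2019-05-03T08:00:10Z 203.0.113.7 dave@example.com FAIL
2019-05-03T08:00:13Z 203.0.113.7 erin@example.com FAIL
2019-05-03T08:00:16Z 203.0.113.7 frank@example.com OK
2019-05-03T08:00:19Z 203.0.113.7 grace@example.com FAIL
2019-05-03T09:00:00Z 198.51.100.9 alice@example.com FAIL
2019-05-03T09:00:02Z 198.51.100.9 alice@example.com FAIL
2019-05-03T09:00:04Z 198.51.100.9 alice@example.com FAIL
2019-05-03T10:00:00Z 192.0.2.5 bob@example.com FAIL
2019-05-03T10:00:30Z 192.0.2.5 bob@example.com OK
"""

def parse_line(line):
    ts, ip, account, result = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, account.lower(), result

def detect_password_spray(log_text, window=timedelta(minutes=30), min_accounts=5, max_per_account=2):
    """Return {src_ip: {"sprayed": [...], "succeeded": [...]}} for sources whose failures in one
    window hit many distinct accounts with few tries each. Brute force (many tries, one account)
    is deliberately excluded; it is a different signal with a different response."""
    events = sorted(parse_line(l) for l in log_text.splitlines() if l.strip())
    failures, successes = defaultdict(list), defaultdict(set)
    for ts, ip, account, result in events:
        if result == "FAIL":
            failures[ip].append((ts, account))
        else:
            successes[ip].add(account)
    alerts = {}
    for ip, fails in failures.items():
        sprayed, start = set(), 0
        for end in range(len(fails)):  # sliding window over this source's failures
            while fails[end][0] - fails[start][0] > window:
                start += 1
            per_account = defaultdict(int)
            for _, account in fails[start:end + 1]:
                per_account[account] += 1
            if len(per_account) >= min_accounts and max(per_account.values()) <= max_per_account:
                sprayed.update(per_account)
        if sprayed:  # a login that succeeded from a spraying source is the likely compromised mailbox
            alerts[ip] = {"sprayed": sorted(sprayed), "succeeded": sorted(successes[ip])}
    return alerts
```

Thresholds are deliberately parameters: tune the window and account counts to the organisation's normal failure rate before relying on the alert.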

Lyceum’s modus operandi is similar to that of other Iranian groups

This modus operandi isn’t anything new or groundbreaking and has been used before by many other hacking groups, both financially motivated and espionage-focused.

Both Dragos and Secureworks have abstained from linking the group to any specific country’s cyber-espionage apparatus.

Nevertheless, both Dragos and Secureworks have gone on the record and said that the tactics, techniques, and procedures (TTPs) used by Lyceum resemble APT33 and APT34, two cyber-espionage groups that have been historically linked to Iran.

“We’re keeping an open mind on attribution,” Rafe Pilling, senior security researcher, Secureworks Counter Threat Unit, told ZDNet in an email this week.

“We used the term ‘stylistically’ similar as we have no specific technical evidence linking LYCEUM to other known threat groups, including those attributed to Iran, such as COBALT TRINITY (aka APT33) or COBALT GYPSY (related to APT34).

“However, LYCEUM use a combination of password spraying, custom malware, DNS tunneling, spearphishing thematics and scripts taken from red teaming frameworks, in a way that is reminiscent of what we have observed from Iranian groups,” Pilling said.

Until cyber-security firms gather more evidence to link Lyceum to a specific country, the group’s focus is expected to remain on the energy sector, the bread and butter of most cyber-espionage groups targeting the Middle East.

Credit: ZDNet
© 2019 NikolaNews.com - Global Tech Updates