Security researchers at Dragos Inc have tracked the activity of a threat actor recently discovered and dubbed Hexane.

Security experts at Dragos Inc. have discovered a new threat actor, tracked as Hexane, that is targeting organizations in the oil and gas industry and telecommunication providers.

The Hexane group has been active since at least the middle of 2018 and has intensified its activity since early 2019, with an escalation of tensions within the Middle East.

“Dragos identified a new activity group targeting industrial control systems (ICS) related entities: HEXANE. Dragos observed this group targeting oil and gas companies in the Middle East, including Kuwait as a primary operating region.” reads the report published by Dragos Inc. “Additionally, and unlike other activity groups Dragos tracks, HEXANE also targeted telecommunication providers in the greater Middle East, Central Asia, and Africa, potentially as a stepping stone to network-focused man-in-the-middle and related attacks.”

The group targeted third-party companies, like telco service providers, to hit the final target in a classic supply chain attack. HEXANE leverages weaponized documents to drop the malware and compromise the target network.

The threat actor shows similarities with other groups such as Magnallium and Chrysene, both active since at least 2017 and involved in attacks on oil and gas companies. However, experts pointed out that the Hexane group has different TTPs and its own arsenal.

“However, the collection of HEXANE behaviors, tools, and victimology makes this a unique entity compared to these previously-observed activity groups.” continues Dragos.

“For instance, HEXANE’s observed victimology is mostly focused on critical infrastructure, but divided between ICS verticals and telecommunications operations. Additionally, its infrastructure and capabilities — such as using malicious domains patterned after general IT themes and newly identified detection evasion schemes — are different from related groups.”

Researchers noticed that the group's pattern for creating malicious domains and its evasion techniques are distinctive.

According to the experts at Dragos, Hexane has not yet developed destructive capabilities.

Pierluigi Paganini

(SecurityAffairs – hacking, ICS)
