Group: HEXANE, Lyceum

From attackics
ID: G0005
Associated Groups: HEXANE, Lyceum
External Contributors: Dragos Threat Intelligence

HEXANE is a threat group that has targeted ICS organizations within the oil & gas and telecommunications sectors. Many of the targeted organizations have been located in the Middle East, including Kuwait. HEXANE's targeting of telecommunications has been speculated to be part of an effort to establish man-in-the-middle capabilities throughout the region. HEXANE's TTPs appear similar to those of APT33 and OilRig, but due to differences in victims and tools it is tracked as a separate entity. [1]

Associated Group Descriptions

  • HEXANE [1]
  • Lyceum [2]

Techniques Used

  • Valid Accounts - HEXANE has used valid IT accounts to extend their spearphishing campaign within an organization. [2]
  • Man in the Middle - HEXANE targeted telecommunication providers in the greater Middle East, Central Asia, and Africa, potentially as a stepping stone to network-focused man-in-the-middle and related attacks. [1]
  • Scripting - HEXANE utilizes VBA macros and PowerShell scripts, such as the DanDrop and kl.ps1 tools. [3][4]