
Group: HEXANE, Lyceum

ID: G0005
Associated Groups: HEXANE, Lyceum
External Contributors: Dragos Threat Intelligence

HEXANE is a threat group that has targeted ICS organizations within the oil & gas and telecommunications sectors. Many of the targeted organizations have been located in the Middle East, including Kuwait. HEXANE's targeting of telecommunications has been speculated to be part of an effort to establish man-in-the-middle capabilities throughout the region. HEXANE's TTPs appear similar to those of APT33 and OilRig, but due to differences in victims and tools it is tracked as a separate entity. [1]

Associated Group Descriptions

  • HEXANE [1]
  • Lyceum [2]

Techniques Used

  • Scripting - HEXANE utilizes VBA macros and PowerShell scripts, such as the DanDrop and kl.ps1 tools. [3][4]
  • Valid Accounts - HEXANE has used valid IT accounts to extend its spearphishing campaign within an organization. [2]