There’s a new hacking group on the radar targeting telecommunications and oil and gas companies across Africa and the Middle East.
Industrial security company Dragos, which discovered the group, calls it “Hexane,” but remains largely tight-lipped on its activities. The security company said Thursday, however, that the group’s activity has ramped up in recent months amid heightened tensions in the region since the group first emerged a year ago.
Dragos said Hexane, the latest in a list of nine hacking groups it tracks, was observed targeting telecoms companies, potentially as a “stepping stone” to gain access to the networks of oil and gas companies.
“Targeting telecommunications firms can potentially enable third-party access to downstream refining or upstream production operations via cellular networks,” Casey Brooks, a senior adversary hunter at Dragos, told TechCrunch.
Dragos would not go into specifics about the threat group but hinted that it targets and compromises “devices, firmware, or telecommunications networks” in the supply chain which could be used to breach a victim’s network from within.
The researchers have “moderate confidence” that Hexane does not yet have an attack capability to disrupt industrial control networks critical to the continued operations of power plants, energy suppliers and other critical infrastructure, but the group may use its leverage on telecommunications networks as a “precursor” to an attack on industrial control networks.
Dragos said Hexane is expected to increase its targeting of oil and gas companies in the region.
Hexane was first observed in mid-2018, said the company, which specializes in finding and understanding the threats faced by critical infrastructure. The group followed a trend similar to that of other groups targeting industrial control systems. But Hexane isn’t the only threat group targeting third-party companies. Dragos said other groups it tracks target hardware and software suppliers used in industrial control networks.
Hexane has “similar behaviors” to OilRig, a previously reported threat group with suspected Iranian ties. But Dragos said that Hexane’s behaviors, tools, and targeted victims make the hacking group “a unique entity” compared to other observed groups.
Dragos said that, for hacking groups, oil and gas remain a high target for causing “major process and equipment destruction or loss of life.”