Security researchers from industrial cybersecurity firm Dragos have identified a new threat actor called ‘Hexane’ that targets industrial control systems (ICS) related entities in the oil and gas and telecommunications sectors in the Middle East and Africa. Dragos says that the threat actor is expected to increase targeting oil and gas companies in the region.
“Industrial security company Dragos, which discovered the group, calls it ‘Hexane’, but remains largely tight-lipped on its activities. However, the security company said that the group’s activity has ramped up in recent months amid heightened tensions in the region since the group first emerged a year ago,” the TechCrunch reported.
Hexane is reportedly active since mid-2018 and the actor relies on malicious documents for initial intrusion. These documents then drop malware onto the targeted environments to provide attackers with an initial foothold.
The researchers have “moderate confidence” that ‘Hexane’ does not yet have an attack capability to disrupt industrial control networks critical to the continued operations of power plants, energy suppliers and other critical infrastructure, but the group may use its leverage on telecommunications networks as a “precursor” to an attack on industrial control networks, the report added.