August 5, 2019 By David Bisson < 1 min read

Researchers spotted a new activity group called HEXANE targeting industrial control systems (ICSs) in the Middle East.

Dragos observed HEXANE targeting ICSs operated by oil and gas companies located in the Middle East and telecommunications providers in the Middle East, Central Asia and Africa. The security firm reasoned that the group was likely pursuing these targets to lay the groundwork to conduct network-based attacks, such as man-in-the-middle (MitM) operations.

Active since at least 2018, HEXANE distinguished itself from similar groups like MAGNALLIUM and CHRYSENE by its unique behaviors, tools and victimology. For instance, the fact that it uses malicious domains leveraging general IT themes and novel detection evasion schemes helped make HEXANE stand out among its peers. That said, Dragos stated that the group neither has the necessary access nor capability to disrupt industrial control systems at this time.

Threats to Industrial Control Systems Abound

HEXANE isn’t the only threat to target organizations’ industrial control systems. Kaspersky Lab observed as much in a March 2019 report when it discovered that almost half of industrial systems exhibited signs of attempted access to their critical assets.

Just a month later, FireEye uncovered a second intrusion involving TRITON, a custom attack framework designed to manipulate industrial safety systems. In June, Trend Micro observed XENOTIME, the threat actor behind TRITON, probing the ICSs associated with U.S. power grids.

How to Defend Against ICS Attacks

Security professionals can help defend their organizations from ICS attacks by establishing testing programs that evaluate all industrial control systems and their components for relevant security threats based on their respective risk profiles.

Companies should also consider strengthening both their incident response and threat intelligence capabilities so they can quickly determine the root cause of a security incident and prevent digital attackers from accomplishing their goals.

More from

Generative AI security requires a solid framework

4 min read - How many companies intentionally refuse to use AI to get their work done faster and more efficiently? Probably none: the advantages of AI are too great to deny.The benefits AI models offer to organizations are undeniable, especially for optimizing critical operations and outputs. However, generative AI also comes with risk. According to the IBM Institute for Business Value, 96% of executives say adopting generative AI makes a security breach likely in their organization within the next three years.CISA Director Jen…

Q&A with Valentina Palmiotti, aka chompie

4 min read - The Pwn2Own computer hacking contest has been around since 2007, and during that time, there has never been a female to score a full win — until now.Valentina Palmiotti, aka chompie, changed that. At the March 2024 competition, Palmiotti scored a full win with her discovery of an Improper Update of Reference Count bug to escalate privileges on Windows 11. It was her first time entering Pwn2Own.Pwn2Own is considered one of the most — if not the most — prestigious…

Self-replicating Morris II worm targets AI email assistants

4 min read - The proliferation of generative artificial intelligence (gen AI) email assistants such as OpenAI’s GPT-3 and Google’s Smart Compose has revolutionized communication workflows. Unfortunately, it has also introduced novel attack vectors for cyber criminals. Leveraging recent advancements in AI and natural language processing, malicious actors can exploit vulnerabilities in gen AI systems to orchestrate sophisticated cyberattacks with far-reaching consequences. Recent studies have uncovered the insidious capabilities of self-replicating malware, exemplified by the “Morris II” strain created by researchers. How the Morris…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today