New Hexane threat group targets telcos and energy companies

• The group reportedly targets telecom companies in order to gain access to networks belonging to oil and gas companies.
• The hacker group, dubbed ‘Hexane’, emerged in mid-2018 when it was observed targeting industrial control systems.

Security researchers have observed the rise of a new hacker group targeting energy and telecom companies since last year. Identified as ‘Hexane’ the by security company Dragos, the group is said to target telecom companies in order to gain access to networks of companies in the oil and gas industry. The group mainly exploits firmware and apparently compromises entire telecommunications networks as well.

Key findings

• Hexane is said to be targeting telcos and energy companies present in Africa, Central Asia, and the Middle East.
• Dragos researchers suggest that the group leverages telecommunication networks for attacks on industrial networks.
• The origins of the group are traced to mid-2018 and are believed to exhibit similar behaviors as the OilRig group. However, the tools and targets of the group are said to be unique.
• The researchers came across Hexane’s activities after they came across a malicious code uploaded on VirusTotal.

Why telecom companies are targeted?

According to Casey Brooks, Senior Adversary Hunter at Dragos, hacker group targeting industrial networks mainly aim attacks at telecom firms to compromise production operations.

“Targeting telecommunications firms can potentially enable third-party access to downstream refining or upstream production operations via cellular networks,” Brooks told TechCrunch.

Regarding these hacker groups, Dragos also released a report as part of its research on cyber threats in the oil and gas industry. The research indicates that the industry is slowly witnessing more attacks due to the advanced capabilities of the hacker groups. It tracked five groups that were regularly targeting oil and gas companies.