A newly discovered hacking group is targeting energy and telecoms companies

[SwissMiss]

A newly discovered hacking group is targeting energy and telecoms companies

 

 

There’s a new hacking group on the radar targeting telecommunications and oil and gas companies across Africa and the Middle East.

 

Industrial security company Dragos, which discovered the group, calls it “Hexane,” but remains largely tight lipped on its activities. The security company said Thursday, however, that that the group’s activity has ramped up in recent months amid heightened tensions in the region since the group first emerged a year ago.

 

Dragos said Hexane, the latest in a list of nine hacking groups it tracks, was observed targeting telecoms companies, potentially as a “stepping stone” to gain access to the networks of oil and gas companies.

 

“Targeting telecommunications firms can potentially enable third-party access to downstream refining or upstream production operations via cellular networks,” said Casey Brooks, a senior adversary hunter at Dragos, told TechCrunch.

 

Dragos would not go into specifics about the threat group but hinted that it targets and compromises “devices, firmware, or telecommunications networks” in the supply chain which could be used to breach a victim’s network from within.

 

The researchers have “moderate confidence” that Hexane does not yet have an attack capability to disrupt industrial control networks critical to the continued operations of power plants, energy suppliers and other critical infrastructure, but the group may use its leverage on telecommunications networks as a “precursor” to an attack on industrial control networks.

 

Dragos said Hexane is expected to increase targeting oil and gas companies in the region.

 

Hexane was first observed in mid-2018, said the company, which specializes in finding and understanding the threats faced by critical infrastructure. The group followed a similar trend as other similar groups targeting industrial control systems. But Hexane isn’t the only threat group targeting third-party companies. Dragos said other groups it tracks target hardware and software suppliers used in industrial control networks.

 

Hexane has “similar behaviors” to OilRig, a previously reported threat group with suspected Iranian ties. But Dragos said that Hexane’s behaviors, tools, and targeted victims make the hacking group “a unique entity” compared to other observed groups.

 

Dragos said the hacking groups said oil and gas remain a high target for causing “major process and equipment destruction or loss of life.”

 

Image Credits: Getty Images

 

 

Source:  A newly discovered hacking group is targeting energy and telecoms companies

[lolsee2]

The possible way to make software truly immune to compromise is to ensure it takes no inputs and allows no user control, but a program that can't do anything to anything else and can't be told what to do isn't very useful.

 

Security is the art of compromising safety for functionality in a way that makes you too annoying to break, making sure you know when you've been hit quickly, and limiting how much data they can steal before you pull the plug, including making sure there's a plug to pull both literally and metaphorically.

[mkc21]

must be Iran, time to steal their oil.. I mean liberate them!