Hexane: A new group, Hexane, has been targeting the oil and gas industry from Pacific Asia to the Middle East. The group is doing this by targeting telecommunications companies in an attempt to compromise the main target by using a third party, which has a higher chance of having weaknesses. Although the group has mainly been trying to compromise the telecommunications industry, they have also been seen going after devices and firmware in the supply chain of the oil and gas companies themselves–trying to find any way in which they are vulnerable. The group was first seen in 2018 but not reported on until enough information was gathered on them, including their tactics, techniques, and procedures (TTPs). Hexane is not the only group that is targeting the oil and gas industry, and Hexane has similar tactics as other groups like the Iran-based group OilRig, which is known to target the oil and gas industry in the Middle East. Hexane in itself is a unique entity, and though it has been observed that they have some similar characteristics as other groups, they do not have known ties to them at this time.
Analyst Notes
Oil and gas companies remain a highly valued target for nation-state groups to try to infect, but not necessarily show that they have. Sometimes just planting the malware and creating multiple ways into the system, in a hope that if anything geopolitically happened, the attackers would already have a foothold into some of the most important resources. There are no characteristics of this group that would point to them having ties with a certain country at this time, but it is possible.
