Introduction
HEXANE is a cyber espionage threat group that has targeted oil & gas, telecommunications, aviation, and internet service provider organizations since at least 2017. Targeted companies have been located in the Middle East and Africa, including Israel, Saudi Arabia, Kuwait, Morocco, and Tunisia. HEXANE’s TTPs appear similar to APT33 and OilRig but due to differences in victims and tools it is tracked as a separate entity. Dragos Hexane Kaspersky Lyceum October 2021 ClearSky Siamesekitten August 2021 Accenture Lyceum Targets November 2021
Activities and Tactics
Targeted Sectors: Government, Energy, High-Tech, Telecomms, Education, Military, Defense
Country of Origin: 🇮🇷 Iran
Incident Type: Espionage
Suspected Victims: Israel, Middle East
Notable Campaigns
Information pending cataloguing.
Tactics, Techniques, and Procedures (TTPs)
Information pending cataloguing.
Notable Indicators of Compromise (IOCs)
No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.
Malware and Tools
Information pending cataloguing.
Attribution and Evidence
Country of Origin: Iran Additional attribution information pending cataloguing.
References
[1] MITRE ATT&CK MITRE ATT&CK entry [2] Dragos Hexane [3] Kaspersky Lyceum October 2021 [4] ClearSky Siamesekitten August 2021 [5] Accenture Lyceum Targets November 2021