CHRYSENE

🔴 High
Also known as: OilRig, Greenbug, CHRYSENE, Hazel Sandstorm, EUROPIUM, Cobalt Gypsy, APT34, HELIX KITTEN, Crambus

Adversaries abusing ICS (based on Dragos Inc adversary list). This threat actor targets organizations involved in oil, gas, and electricity production, primarily in the Gulf region, for espionage purposes. According to one cybersecurity company, the threat actor “compromises a target machine and passes it off to another threat actor for further exploitation.”

🌍 Country: Unknown
⚡ Risk Level: High
🎯 Incident Type: Espionage
Sectors: Private sector, Education, Energy, Investment, Aerospace, Government, Administration


Activities and Tactics

Targeted Sectors: Private sector, Education, Energy, Investment, Aerospace, Government, Administration

Country of Origin: 🏳️ Unknown

Risk Level: High

Incident Type: Espionage

Suspected Victims: Iraq, United Kingdom, Pakistan, Israel

Notable Campaigns

Information pending cataloguing.

Tactics, Techniques, and Procedures (TTPs)

Information pending cataloguing.

Notable Indicators of Compromise (IOCs)

No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.

Malware and Tools

  • CyberGate
  • Cyber Eye RAT
  • Xploit

Attribution and Evidence

Country of Origin: Unknown

Additional attribution information pending cataloguing.

References

References pending cataloguing.