"Lyceum APT Group Adds ISPs to Its Target List"

A new report from Accenture reveals that the Iranian-backed hacking group known as Lyceum has been infiltrating Internet Service Providers (ISPs) and telecommunications companies since July. The group, also known as Hexane, Spirlin, and Siamesekitten, has been in operation since 2018, targeting oil and gas companies in the Middle East, Africa, and Central Asia. According to researchers from Accenture's Cyber Threat Intelligence (ACTI) group and Prevailion's Adversarial Counterintelligence Team (PACT), Lyceum executed attacks against ISPs and telecommunications organizations in Israel, Morocco, Tunisia, and Saudi Arabia between July and October this year. The group also targeted an unnamed African country's foreign affairs department.

Telecommunications companies and ISPs are considered highly attractive targets for cyberespionage because they provide access to various organizations and subscribers as well as to their own internal systems, which can be abused to carry out additional malicious activities. The researchers pointed out that the threat actors and their sponsors can use companies within these industries to spy on individuals of interest. A ministry of foreign affairs in Africa is seen as a highly valuable target because it has intelligence on the current state of bilateral relationships between countries and insight into prospective dealings.

Secureworks found that the group's initial attack vector involves accessing a company's systems using credentials stolen through password spraying or brute-force attacks. It also includes delivering malicious documents via spear-phishing from the compromised accounts to executives, human resources staff, and IT personnel. Researchers identified the use of two malware families, called Shark and Milan, by Lyceum operators. This article continues to discuss the history and recent findings surrounding the Lyceum group's activities.

GovInfoSecurity reports "Lyceum APT Group Adds ISPs to Its Target List"
