Lyceum APT Group a Fresh Threat to Oil and Gas CompaniesReports Say Group Also Targeting Telecom Firms
An emerging cyber espionage group that apparently started its work in South Africa last year is now focusing on targeting critical control systems for oil and gas companies in the Middle East, according to researchers at two cybersecurity firms.
The threat group – called “Lyceum” by Secureworks and “Hexane” by Dragos – also has targeted telecommunications providers in the Middle East, Africa and Central Asia, “potentially as a stepping stone to network-focused man-in-the-middle and related attacks,” Dragos reseachers say.
Secureworks, a unit of Dell, says that domain registrations indicate that Lyceum, which may have been active as early as April 2018, attacked targets in South Africa in the middle of last year. The group expanded its geographical reach in May when it launched a campaign against oil and gas companies in the Middle East after it had made a “sharp uptick in development and testing of their toolkit against a public multivendor malware scanning service in February.”
Dragos said organizations in Kuwait appear to be a primary target for the group.
“Currently, Lyceum appears to be operating at a fairly small scale, which has contributed to maintaining their low profile,” Rafe Pilling, senior security researcher at Secureworks’ counter threat unit, tells Information Security Media Group, adding that no operations in the United States have been detected.
“Geographical locations are less of a concern for cyber groups, and it is likely that geo-political issues are driving their operations rather than geography. … Multinational U.S. companies with subsidiaries in the Middle East may be at an elevated risk from Lyceum targeting. However, these types of organizations should already be considering the risk of APT [advanced persistent threat]-style intrusions and deploying appropriate controls and countermeasures.”