Oil and Gas Firms Targeted By New LYCEUM Threat Group

[silversurfer]

A new threat group has been discovered targeting Middle Eastern critical infrastructure firms with spearphishing emails laced with malware.

Researchers have identified a never-before-seen threat group targeting Middle East critical infrastructure organizations with novel malware, sent via spearphishing emails.
 
The threat group, LYCEUM, was observed in 2019 sending spear phishing emails harboring malicious Microsoft Excel attachments to oil and gas companies. When clicked, the attachments downloaded a newly-discovered malware called DanBot, which subsequently deploys post-intrusion tools to spread across the impacted company’s network, steal credentials and other account information and capture keystrokes on impacted systems.
 
“LYCEUM appears to have been operating for over a year without detection and it was intriguing to discover a new group with a similar style to established Iranian threat groups, but otherwise no distinguishing technical characteristics that allow it to be linked to previously documented activity,” Rafe Pilling, senior security researcher at Secureworks Counter Threat Unit, told Threatpost.

Read more here: https://threatpost.com/oil-and-gas-firms...up/147705/