HEXANE

Hexane is a threat actor originating from the Middle East and Africa (MEA) region, involved in malicious cyber activities with the intent of espionage. The group has been active since at least 2019, showing similarities to other activity groups like MAGNALLIUM and CHRYSENE. Hexane primarily targets critical infrastructure and telecommunications operations, reflecting a broader trend among similar groups. However, as of now, cybersecurity firm Dragos assesses that Hexane does not have the capability or access required to disrupt Industrial Control System (ICS) networks. The group's activities have largely focused on organizations in Saudi Arabia, the United Arab Emirates, and Israel. These operations put Hexane alongside other well-known Advanced Persistent Threat (APT) actors such as Oilrig, Molerats, and Bahamut. Hexane's methods involve the use of malicious documents that drop malware, establishing a foothold for subsequent malicious activities within the targeted systems. Despite its limitations in disrupting ICS networks, Hexane's consistent focus on critical infrastructure and telecommunications poses a significant threat. Its activities align with the strategic objectives of certain countries in the MEA region seeking to bolster their influence through digital espionage. Understanding and mitigating the risks posed by Hexane and similar threat actors is crucial for maintaining the security and integrity of key infrastructures and telecommunication networks.