HEXANE

Threat Actor Profile Updated 3 months ago
Hexane is a threat actor originating from the Middle East and Africa (MEA) region, involved in malicious cyber activities with the intent of espionage. The group has been active since at least 2019, showing similarities to other activity groups like MAGNALLIUM and CHRYSENE. Hexane primarily targets critical infrastructure and telecommunications operations, reflecting a broader trend among similar groups. However, as of now, cybersecurity firm Dragos assesses that Hexane does not have the capability or access required to disrupt Industrial Control System (ICS) networks. The group's activities have largely focused on organizations in Saudi Arabia, the United Arab Emirates, and Israel. These operations put Hexane alongside other well-known Advanced Persistent Threat (APT) actors such as Oilrig, Molerats, and Bahamut. Hexane's methods involve the use of malicious documents that drop malware, establishing a foothold for subsequent malicious activities within the targeted systems. Despite its limitations in disrupting ICS networks, Hexane's consistent focus on critical infrastructure and telecommunications poses a significant threat. Its activities align with the strategic objectives of certain countries in the MEA region seeking to bolster their influence through digital espionage. Understanding and mitigating the risks posed by Hexane and similar threat actors is crucial for maintaining the security and integrity of key infrastructures and telecommunication networks.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Dragos
APT
Malware
ICS
Associated Malware
ID | Type | Votes | Profile Description
No associations to display
Associated Threat Actors
ID | Type | Votes | Profile Description
Magnallium | Unspecified | 1 | Magnallium, also known as Elfin, is a significant threat actor that has been active in the cybersecurity landscape. This entity, which could be an individual, a private company, or part of a government organization, has been identified as executing actions with malicious intent. A noticeable surge i
OilRig | Unspecified | 1 | OilRig is a well-known threat actor in the cybersecurity landscape, notorious for its sophisticated attacks on various targets, including Middle Eastern telecommunications organizations and Israel's critical infrastructure sector. This entity has been linked to several high-profile campaigns such as
Molerats | Unspecified | 1 | Molerats, also known as Gaza Cybergang Group1, is a threat actor linked to Hamas that has been active for over a decade. This low-budget group has been tracked by researchers under various names including Molerats, Gaza Cybergang, Frankenstein, WIRTE, and Proofpoint’s TA402 designation. Among 16 Adv
Bahamut | Unspecified | 1 | Bahamut is a threat actor group known for its sophisticated cyber-espionage operations, targeting primarily South Asia. Meta's Adversarial Threat Report from the first quarter of 2023 identified Bahamut as one of three major groups involved in cyber espionage operations in the region, alongside Patc
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the HEXANE Threat Actor was read from the documents corpus below.
Source | Created At | Title
DARKReading | 4 months ago | Saudi Arabia, UAE Top List of APT-Targeted Nations in the Middle East
CERT-EU | 5 months ago | Surge in ransomware, leaks and info stealers targeting Middle East and Africa – Intelligent CIO Middle East | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
MITRE | a year ago | Cyber Threat Group LYCEUM Takes Center Stage in Middle East Campaign
MITRE | a year ago | HEXANE Threat Group | Dragos