Oil and Gas Firms Targeted By New LYCEUM Threat Group


Level 69
Content Creator
Malware Hunter
Aug 17, 2014
Researchers have identified a never-before-seen threat group targeting Middle East critical infrastructure organizations with novel malware, sent via spearphishing emails.

The threat group, LYCEUM, was observed in 2019 sending spear phishing emails harboring malicious Microsoft Excel attachments to oil and gas companies. When clicked, the attachments downloaded a newly-discovered malware called DanBot, which subsequently deploys post-intrusion tools to spread across the impacted company’s network, steal credentials and other account information and capture keystrokes on impacted systems.

“LYCEUM appears to have been operating for over a year without detection and it was intriguing to discover a new group with a similar style to established Iranian threat groups, but otherwise no distinguishing technical characteristics that allow it to be linked to previously documented activity,” Rafe Pilling, senior security researcher at Secureworks Counter Threat Unit, told Threatpost.
Read more below: