Read more below:Researchers have identified a never-before-seen threat group targeting Middle East critical infrastructure organizations with novel malware, sent via spearphishing emails.
The threat group, LYCEUM, was observed in 2019 sending spear phishing emails harboring malicious Microsoft Excel attachments to oil and gas companies. When clicked, the attachments downloaded a newly-discovered malware called DanBot, which subsequently deploys post-intrusion tools to spread across the impacted company’s network, steal credentials and other account information and capture keystrokes on impacted systems.
“LYCEUM appears to have been operating for over a year without detection and it was intriguing to discover a new group with a similar style to established Iranian threat groups, but otherwise no distinguishing technical characteristics that allow it to be linked to previously documented activity,” Rafe Pilling, senior security researcher at Secureworks Counter Threat Unit, told Threatpost.
Researchers have identified a new threat group targeting critical infrastructure organizations primarily in the Middle East with spear phishing emails. The threat group, LYCEUM, has been observed in several campaigns in 2018 and 2019 sending spearphishing emails with malicious Excel documents...
The previously unobserved LYCEUM threat group targeted critical infrastructure organizations without being detected for more than 12 months.