Cybercrime , Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime

Lyceum APT Group a Fresh Threat to Oil and Gas Companies

Reports Say Group Also Targeting Telecom Firms
Lyceum APT Group a Fresh Threat to Oil and Gas Companies

An emerging cyber espionage group that apparently started its work in South Africa last year is now focusing on targeting critical control systems for oil and gas companies in the Middle East, according to researchers at two cybersecurity firms.

See Also: OnDemand | 2024 Phishing Insights: What 11.9 Million User Behaviors Reveal About Your Risk

The threat group – called “Lyceum” by Secureworks and “Hexane” by Dragos – also has targeted telecommunications providers in the Middle East, Africa and Central Asia, “potentially as a stepping stone to network-focused man-in-the-middle and related attacks,” Dragos reseachers say.

Secureworks, a unit of Dell, says that domain registrations indicate that Lyceum, which may have been active as early as April 2018, attacked targets in South Africa in the middle of last year. The group expanded its geographical reach in May when it launched a campaign against oil and gas companies in the Middle East after it had made a “sharp uptick in development and testing of their toolkit against a public multivendor malware scanning service in February.”

Dragos said organizations in Kuwait appear to be a primary target for the group.

“Currently, Lyceum appears to be operating at a fairly small scale, which has contributed to maintaining their low profile,” Rafe Pilling, senior security researcher at Secureworks’ counter threat unit, tells Information Security Media Group, adding that no operations in the United States have been detected.

“Geographical locations are less of a concern for cyber groups, and it is likely that geo-political issues are driving their operations rather than geography. … Multinational U.S. companies with subsidiaries in the Middle East may be at an elevated risk from Lyceum targeting. However, these types of organizations should already be considering the risk of APT [advanced persistent threat]-style intrusions and deploying appropriate controls and countermeasures.”

Tactics and Techniques

Lyecum’s tactics and techniques are similar to other APT groups, such as Colbalt Gypsy – which is related to


About the Author

Jeffrey Burt

Jeffrey Burt

Contributing Editor

Burt is a freelance writer based in Massachusetts. He has been covering the IT industry for almost two decades, including a long stint as a writer and editor for eWEEK. Over the past several years, he also has written and edited for The Next Platform, Channel Partners, Channel Futures, Security Now, Data Center Knowledge, ITPro Today and Channelnomics.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.