March 1, 2021 Spear Phishing Targeting ICS

This report covers an attack investigation done by DeNexus Threat Intelligence targeting supply-chain companies in the Middle East. Threat Intelligence is one of three major data sets for risk modeling in our DeRISK platform. Using information about threats, tactics techniques and procedures (TTPs), indicators of compromise (IoCs), attacker’s behavior patterns etc., DeRISK changes risk quantification for affected companies.

In September, 2020 ZScaler has published a report on a targeted attack on Oil and Gas Supply Chain Industries in Middle East. DeNexus Threat Intelligence has discovered additional details of this attack and new victims of this threat actor. The campaigns we have observed have evolved overtime, and the threat actor is still active with more campaigns.

In this report we explain these campaigns and the strategy the threat actor uses to infect targets.