Overview
Chrysene is also known as Cobalt Gypsy, APT 34, EUROPIUM, Greenbug, Hazel Sandstorm, and OilRig. This threat actor group is developed from a long-running cyber espionage activity that was discovered in 2012 after a destructive cyberattack impacting Saudi Aramco. They leverage 64-bit malware that can only run in 64-bit environments to establish unique Command and Control Network capabilities.
This group have targeted Iraq, Pakistan, the UK, and Israel with special focus on the Arabian Gulf region. They generally aims for petrochemicals, oil, gas, and electricity generation sectors. Nowadays, they are into directly targeting ICS resources. Chrysene is suspected to be backed by Iranian government.
How Does it Work?
Just like the other ransomware attacks, Chrysene also intrude the network via email phishing. They prompt the users to click on a link with a malicious file, disguised as a legitimate one. They successfully compromises a target and passes the victim to another group for further exploitation.
The group is still active and evolving its techniques and tactics continuously. They are also revising and updating its malicious software toolkit. Chrysene aims to evade the existing anti-virus and other detection mechanisms. However, the group appears to be interested in the penetration various networks to conduct ICS-specific reconnaissance.
Prevention
In order to overcome such attacks a highly advanced cybersecurity program must be utilized. It should also contain some of the most advanced security solutions, email as well as web content filtering, antiviruses, and threat hunting measures. Application of Zero Trust Model, Multifactor Authentication, in-depth defense, etc., are a must to prevent and mitigate the potential damage done by Chrysene.
Takeaway!
Chrysene poses a great threat to various government organizations of different countries. However, it is not impossible to stop and/or mitigate its attacks. Making use of all the advanced anti-threat technologies can surely help in identifying and hunting its malware or spyware. Regular trainings of employees regarding various threat actors and regular network checkups can be of great help in fighting with it.
Comments
Post a Comment