Search KuwaitPR.com

Home >> Technology

Cyberattacks on Kuwait Shipping and Transportation Organizations

Tuesday, September 24, 2019/ Editor -  

Share

Home >> Technology

September 24, 2019 - Kuwait

Between May and June 2019, Unit 42, the global threat intelligence team at Palo Alto Networks, observed previously unknown tools used in the targeting of transportation and shipping organizations based in Kuwait.

The first known attack in this campaign targeted a Kuwait transportation and shipping company in which the actors installed a backdoor tool named Hisoka. Several custom tools were later downloaded to the system in order to carry out post-exploitation activities. All of these tools appear to have been created by the same developer. We were able to collect several variations of these tools including one dating back to July 2018. 

The developer of the collected tools used character names from the anime series Hunter x Hunter, which is the basis for the campaign name “xHunt.” The names of the tools collected include backdoor tools Sakabota, Hisoka, Netero and Killua. These tools not only use HTTP for their command and control (C2) channels, but certain variants of these tools use DNS tunneling or emails to communicate with their C2 as well. While DNS tunneling as a C2 channel is fairly common, the specific method in which this group used email to facilitate C2 communications has not been observed by Unit 42 in quite some time. This method uses Exchange Web Services (EWS) and stolen credentials to create email “drafts” to communicate between the actor and the tool. In addition to the aforementioned backdoor tools, we also observed tools referred to as Gon and EYE, which provide the backdoor access and the ability to carry out post-exploitation activities.

Through comparative analysis, we identified related activity also targeting Kuwait between July and December 2018, which was recently reported by IBM X-Force IRIS. While there are no direct infrastructure overlaps between the two campaigns, historical analysis shows that the 2018 and 2019 activities are likely related.


Next in Technology


Home >> Technology Section

Latest Press Release

Burgan Bank Continues Sponsorship of Ahmadi Music Group's World-Class Performanc ...

Burgan Bank Sponsors ‘Waves of Brazil' for the Third Consecutive Year

Burgan Bank Announces the Third and Last Batch of Winners of its 200% Cash Back ...

New 2020 Nissan Patrol Arrives in Kuwait

Al Hamra Promotes Breast Cancer Awareness Month Through ‘Enlighten Yourself' Cam ...

Sheikh Abdullah Al Salem Cultural Centre Addresses Significance of Water Sustain ...

Foreo Launches Luna 3 to Refresh, Hydrate and Tone Up Your Skin

Turkish Airlines and United Nations Alliance of Civilizations created a joint pl ...

The Power of the Multi-Masque

Burgan Bank Offers Free Coffee on the Occasion of ‘International Coffee Day' in ...

Burgan Bank launches a New Qatar Airways Co-branded Mastercard Prepaid Card

Burgan Bank Receives Excellence Award in Recruitment of National Labor

Reshaping Learning Experiences in Kuwait: Teaching the English Language with Ne ...

Introducing Pandora Me, featuring Millie Bobby Brown

The new Bergamot & Neroli collection, inspired by the warmth and energy of Medit ...

Cyberattacks on Kuwait Shipping and Transportation Organizations

Dubai Cares and The Body Shop are supporting children and youth's education:

Versus Saint Germain

Burgan Bank announces the new winner of the KD 125,000 cash prize in the Yawmi Q ...

Infiniti Qx80 Wins 2019 Autopacific Ideal Vehicle Award