Cyberattacks on Kuwait Shipping and Transportation Organizations
September 24, 2019 - Kuwait
Between May and June 2019, Unit 42, the global threat intelligence team at Palo Alto Networks, observed previously unknown tools used in the targeting of transportation and shipping organizations based in Kuwait.
The first known attack in this campaign targeted a Kuwait transportation and shipping company, where the actors installed a backdoor tool named Hisoka. Several custom tools were later downloaded to the system in order to carry out post-exploitation activities. All of these tools appear to have been created by the same developer. We were able to collect several variations of these tools, including one dating back to July 2018.
The developer of the collected tools used character names from the anime series Hunter x Hunter, which is the basis for the campaign name “xHunt.” The names of the tools collected include backdoor tools Sakabota, Hisoka, Netero and Killua. These tools use HTTP for their command and control (C2) channels, and certain variants also use DNS tunneling or emails to communicate with their C2. While DNS tunneling as a C2 channel is fairly common, the specific method by which this group used email to facilitate C2 communications has not been observed by Unit 42 in quite some time. This method uses Exchange Web Services (EWS) and stolen credentials to create email “drafts” to communicate between the actor and the tool. In addition to the aforementioned backdoor tools, we also observed tools referred to as Gon and EYE, which provide backdoor access and the ability to carry out post-exploitation activities.
Through comparative analysis, we identified related activity also targeting Kuwait between July and December 2018, which was recently reported by IBM X-Force IRIS. While there are no direct infrastructure overlaps between the two campaigns, historical analysis shows that the 2018 and 2019 activities are likely related.
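An added detection example, not taken from Unit 42's report: because the email channel described above exchanges data through drafts that are never sent, one hunting heuristic is to look for draft items touched over EWS from more than one source address that never leave the mailbox as mail. The record layout, operation names, mailboxes, addresses and the two-source threshold below are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed, simplified mailbox-audit records (not a real Exchange schema):
# (timestamp, mailbox, client protocol, source IP, operation, folder, item id)
SAMPLE_EVENTS = [
    ("2019-06-01T08:00:05", "ops@example.test", "EWS", "203.0.113.10", "Create", "Drafts", "d1"),
    ("2019-06-01T08:00:40", "ops@example.test", "EWS", "10.20.0.15", "Read", "Drafts", "d1"),
    ("2019-06-01T08:00:41", "ops@example.test", "EWS", "10.20.0.15", "Delete", "Drafts", "d1"),
    ("2019-06-01T08:01:10", "ops@example.test", "EWS", "10.20.0.15", "Create", "Drafts", "d2"),
    ("2019-06-01T08:03:00", "ops@example.test", "EWS", "203.0.113.10", "Read", "Drafts", "d2"),
    # Ordinary use: one client drafts a message and then sends it.
    ("2019-06-01T09:00:00", "amy@example.test", "OWA", "10.20.0.77", "Create", "Drafts", "d3"),
    ("2019-06-01T09:04:00", "amy@example.test", "OWA", "10.20.0.77", "Update", "Drafts", "d3"),
    ("2019-06-01T09:05:00", "amy@example.test", "OWA", "10.20.0.77", "Send", "Drafts", "d3"),
    # Draft touched from a second address but eventually sent: not flagged.
    ("2019-06-01T10:00:00", "bob@example.test", "EWS", "10.20.0.80", "Create", "Drafts", "d4"),
    ("2019-06-01T10:02:00", "bob@example.test", "EWS", "198.51.100.7", "Update", "Drafts", "d4"),
    ("2019-06-01T10:03:00", "bob@example.test", "EWS", "198.51.100.7", "Send", "Drafts", "d4"),
]

def find_draft_dead_drops(events, min_sources=2):
    """Return {(mailbox, item_id): sorted source IPs} for drafts that were
    touched over EWS from at least `min_sources` addresses and never sent."""
    sources = defaultdict(set)   # EWS source IPs seen per draft
    sent = set()                 # drafts that left the mailbox as real mail
    for _ts, mailbox, client, ip, op, folder, item in events:
        if folder != "Drafts":
            continue
        key = (mailbox, item)
        if op == "Send":
            sent.add(key)
        elif client == "EWS":
            sources[key].add(ip)
    return {k: sorted(v) for k, v in sources.items()
            if k not in sent and len(v) >= min_sources}

def mailboxes_to_review(events):
    """Collapse flagged drafts to the mailboxes whose credentials need review."""
    return sorted({mailbox for mailbox, _item in find_draft_dead_drops(events)})

if __name__ == "__main__":
    for (mailbox, item), ips in find_draft_dead_drops(SAMPLE_EVENTS).items():
        print(f"{mailbox} draft {item}: EWS access from {ips}, never sent")
```

A hit is a lead for credential review on that mailbox, not proof of compromise; legitimate multi-device drafting that is abandoned rather than sent will also match.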