Home / / Hacking group hits Mid East oil and gas sector: report

Hacking group hits Mid East oil and gas sector: report

ASP shell attacks allow access to databases, file structure says cyber security firm

Hacking group hits Mid East oil and gas sector: report
In late 2012, the region’s petrochemical sector was targeted by cyber hacktivists when Qatar’s Ras Gas and KSA’s Saudi Aramco were attacked.

A hacking group has hit an unspecified number of Middle East oil and gas organisations and has threatened to move on to government ministries, according to a threat bulletin released by General Dynamics Fidelis Cybersecurity Solutions.

According to the report, which does not identify victims, the group calls itself STTEAM and operates by uploading ASP shell backdoors, which give access to other systems. The group leaves behind a bragging board that incorporates the Anonymous logo.

“This group has compromised webpages from various organisations in the Middle East

and have added some specific strings,” Fidelis announced in its report. “We are providing those strings to local authorities to assist in identifying victim organisations.”

One backdoor contained Turkish words and a reference to an individual named “Zehir”, who may be the architect of the script. According to Fidelis, the backdoors give access to system information and allow the attackers to connect to SQL databases, list tables and execute commands; browse directories; perform file manipulations (upload, download, copy, delete, modify, search and others); and perform folder manipulations (delete, copy and others).

In late 2012, the region’s petrochemical sector was targeted by cyber hacktivists when Qatar’s Ras Gas and KSA’s Saudi Aramco were attacked by similar means. However, those attacks bear little resemblance to the STTEAM operation, which has yet to declare a motive for its actions.

Follow us to get the most comprehensive IT Security news delivered fresh from our social media accounts on Facebook, Twitter, Youtube, and listen to our Weekly Podcast. Click here to sign up for our weekly newsletter on curated technology news in the Middle East and Worldwide.

REGISTER NOW | Webinar Event | Security you can bank on – Safeguarding the Middle East’s financial sector

Presented in partnership with security and network specialist Cybereason, the second in the three part webinar series will bring together a panel of experts to discuss how banks and financial institutions are evolving their service offering while simultaneously staying one step ahead of the cyber criminals who seek to bring their operations crashing to the ground.

CHANNEL AWARD 2018