Hacking group hits Mid East oil and gas sector: report
ASP shell attacks allow access to databases, file structure, says cyber security firm
A hacking group has hit an unspecified number of Middle East oil and gas organisations and has threatened to move on to government ministries, according to a threat bulletin released by General Dynamics Fidelis Cybersecurity Solutions.
According to the report, which does not identify victims, the group calls itself STTEAM and operates by uploading ASP shell backdoors, which give access to other systems. The group leaves behind a bragging board that incorporates the Anonymous logo.
“This group has compromised webpages from various organisations in the Middle East and have added some specific strings,” Fidelis announced in its report. “We are providing those strings to local authorities to assist in identifying victim organisations.”
One backdoor contained Turkish words and a reference to an individual named “Zehir”, who may be the architect of the script. According to Fidelis, the backdoors give access to system information and allow the attackers to connect to SQL databases, list tables and execute commands; browse directories; perform file manipulations (upload, download, copy, delete, modify, search and others); and perform folder manipulations (delete, copy and others).
In late 2012, the region’s petrochemical sector was targeted by cyber hacktivists when Qatar’s Ras Gas and KSA’s Saudi Aramco were attacked by similar means. However, those attacks bear little resemblance to the STTEAM operation, which has yet to declare a motive for its actions.