Kuwait Energy Targeting

TACTICAL CYBER INTELLIGENCE REPORT

Actor Type: I-IV
Serial: 18-072-001
Region: KW, SA
Report Date: 20180314
Industries: Energy (Oil, Gas), Construction, Shipping

Summary

Wapack Labs CTAC has exposed a large number of cyber events involving the oil-rich country of Kuwait and its oil and gas industry. Among the targeted organizations are a shipping company (merchantkuwait.com), a supplier for oil and gas, petrochemical, marine, and other industries (globalvision-kw.com), and a regional Kuwaiti construction company servicing oil, education and other sectors (cgc-kw.com). More incidents discovered via CTAC are being further analyzed.

Figure 1. Kuwaiti company Global Vision website

Details

The State of Kuwait is a country in Western Asia on the Persian Gulf, with the world's sixth largest oil reserves. Over 34,000 hits were observed in Wapack Labs CTAC (Cyber Threat Analysis Center). These incidents represent ongoing penetration attempts with malicious emails, as well as systems already compromised by hackers, which are detected in our sinkhole traffic and keylogger stashes.

Important examples of the discovered incidents connected to the Kuwait oil and gas sector are Global Vision and Combined Group. Global Vision is a Kuwaiti supplier for oil and gas, petrochemical, marine, and other industries (globalvision-kw.com), and Combined Group is a regional Kuwaiti construction company servicing oil, education and other sectors (cgc-kw.com). See Figure 1.

Other affected entities represent numerous Kuwaiti industries. Examples include accesspro-kw.com, a construction and remodeling company, and merchantkuwait.com, a shipping company. On 26 February 2018, a malicious email was sent to eight (8) Merchant Kuwait company addresses:

Figure 2. Merchant Kuwait targeted email addresses

Figure 3. Malicious email sent to merchantkuwait.com

Figure 3 illustrates an email which was additionally sent to a Saudi Aramco supplier and other regional companies. The next day, 27 February 2018, the malicious email was identified by only 9 antivirus engines out of 60, making it a potentially dangerous vector of compromise.[1] Wapack Labs analysts are working to provide a full risk assessment on the recorded Kuwait-related incidents.

For questions or comments regarding this report or additional research, please contact the lab directly at 603-606-1246 or feedback@wapacklabs.com

Additional Reporting:

U.S. Oil Exports and Cyber Security[2], dtd: 21 February 2018

Prepared: Yury Polozov
Reviewed: B. Schenkelberg
Approved: J. Stutzman

[1] virustotal.com/en/file/40d391329e35eea9ae7668f0558878811acac67509093dec324061daa8431b07/analysis/

[2] TR-18-052-001
