The Nigerian Communications Commission (NCC) has once again alerted citizens to the existence of another group of hackers orchestrating cyber espionage in the African telecoms space.
In a statement signed by its public affairs director Dr Ikechukwu Adinde, the agency revealed that an Iranian hacking group known as Lyceum (also known as Hexane, Siamesekitten or Spirlin) had been reported as targeting telecommunications, Internet service providers (ISPs) and Ministries of Foreign Affairs (MFA) in Africa with enhanced malware in a recent politically motivated cyber-espionage-oriented attack.
According to the statement, “Information on this cyberattack is contained in the latest advisory issued by the Nigerian Computer Emergency Response Team (ngCERT). NgCERT rated the likelihood and level of damage from the new malware as high.”
The NCC cited the notice, which said the hacking group was known to focus on infiltrating the networks of carriers and ISPs.
Between July and October 2021, Lyceum was involved in attacks on ISPs and telecommunications organizations in Israel, Morocco, Tunisia and Saudi Arabia, the statement revealed.
“The Advanced Persistent Threats (APT) cluster has been linked to campaigns that have hit Middle Eastern oil and gas companies in the past. Today, the group seems to have focused on the technology sector. In addition, the APT is responsible for a campaign against the foreign ministry of an anonymous African government.
“By the way attackers operate, Lyceum’s initial attack vectors include credential stuffing and brute force attacks. So, once a victim’s system is compromised, attackers perform surveillance on specific targets.
“In this mode, Lyceum will attempt to deploy two different types of malware: Shark and Milan (known together as James).
“Both malware are backdoors. Shark, a 32-bit executable written in C# and .NET, generates a configuration file for Domain Name System (DNS) tunneling or C2 Hypertext Transfer Protocol (HTTP) communications; while Milan, a 32-bit Remote Access Trojan (RAT), recovers the data,” the statement added.
He further noted that both are able to communicate with the group’s Command and Control (C2) servers. The APT maintains a network of C2 servers that connect to the group’s backdoors, made up of more than 20 domains, six of which were previously not associated with threat actors.
According to reports, individual accounts of companies of interest are typically targeted, and then once those accounts are hacked, they are used as a springboard to launch spear-phishing attacks against high-level executives in an organization. The report suggests that not only do attackers search for data on subscribers and connected third-party companies, but once compromised, threat actors or their sponsors can also use these industries to monitor people of interest.
To guard against these types of threats, the NCC reiterated ngCERT's advice that carriers and ISPs need multiple layers of security, in addition to constant network monitoring, to avoid potential attacks.
He further advised telecommunications consumers and the general public to: “ensure the consistent use of firewalls (software, hardware and cloud firewalls); enable a web application firewall to help detect and prevent attacks from web applications by inspecting HTTP traffic; install up-to-date antivirus programs to help detect and prevent a wide variety of malware, Trojans, and viruses, which APT hackers will use to exploit your system; implement the use of intrusion prevention systems that monitor your network; create a secure sandboxing environment that allows you to open and run untrusted programs or code without risking harm to your operating system; ensure the use of a virtual private network (VPN) to prevent APT hackers from easily accessing your company network; and enable spam and malware protection for your email applications, and teach your employees how to identify potentially malicious emails.”
As the operator of the Telecommunications Sector Cyber Threat Response Center (CSIRT), the NCC said it would continue to demonstrate its commitment to active surveillance and monitoring of cyber activities in the sector and that it would always keep stakeholders in Nigeria’s telecommunications sector informed of potential threats within cyberspace.
The essence was to ensure that the networks that provide essential services are secure and that telecommunications consumers are protected from cyber attacks, the NCC added in the statement.