Chrysene group emerges targeting Middle Eastern and Western targets
Target: Western nations, as well as Middle Eastern nations that are close to the West
Attack Vector: Intelligence gathering, network penetration
Threat Actor: Chrysene, Oilrig (APT34), Greenbug
Summary: The Chrysene group has recently been rediscovered targeting the industrial sector of nations in the Middle East as well as the UK. The group is believed to originate from Iran and is closely related to the Iranian state-sponsored threat actor Oilrig (known as APT34) and to Greenbug, another threat actor originating in the Middle East. These three groups all use similar tools and are believed to have been involved in the Shamoon and Shamoon 2 attacks. However, Chrysene is judged to have an ever more advanced range of techniques, which it uses in reconnaissance and intelligence-gathering exercises. What is notable is that Chrysene does not appear to execute attacks itself. Instead, it uses its skills simply to acquire information and works with fellow threat actors to put the intelligence gained to full use.
Risk assessment summary: This threat is assessed as 3d MODERATE. However, the threat of a real attack from Chrysene itself is limited, because the group has not been observed to carry one out and does not seem inclined to do so in the future. The actual risk of an attack comes from Chrysene providing the intelligence it gathers to other groups such as Oilrig and Greenbug, something which is believed to have happened in previous attacks. The continuing cold relations with Saudi Arabia are another cause for concern and render a future attack possible.
The techniques Chrysene uses to infiltrate networks, such as watering-hole attacks, have been observed to be effective in helping the group achieve its goals. In addition, the presence of an unwanted threat actor on a system could potentially jeopardize customer data or other sensitive information, driving up the risk.