Latest news with #HanifNet


Daily News Egypt
3 days ago
Mideast infrastructure hit by advanced, 2-year cyber-espionage attack: Fortinet
A state-sponsored hacking group conducted a nearly two-year cyber-espionage campaign targeting critical national infrastructure (CNI) in the Middle East, using novel malware to breach and maintain access across both IT and operational technology (OT) networks, according to a new report.

The investigation by Fortinet's FortiGuard Labs Incident Response (FGIR) team detailed a persistent intrusion from 2023 to early 2025, which involved sustained espionage and suspected network prepositioning for potential future attacks.

During the multi-phase operation, the threat actor gained initial entry using compromised VPN credentials and deployed multiple custom backdoors, including malware identified as HanifNet, HXLibrary, and NeoExpressRAT. The group then bypassed network segmentation using proxy tools such as Ngrok and ReverseSocks5 to move between the organisation's IT and OT environments. While the report confirmed no disruption to OT systems, it noted significant reconnaissance activity within these restricted networks. The attackers also targeted virtualisation infrastructure to deepen their access.

Even after being removed from the network, the group made repeated attempts to re-establish a foothold by exploiting third-party software and using phishing attacks, signalling a long-term strategic objective.

The findings mirror a broader trend detailed in Fortinet's 2024 State of Operational Technology and Cybersecurity Report. According to that report, 73% of OT organisations globally have now experienced cyber intrusions, a significant increase from 49% in 2023. Attacks targeting OT systems specifically also rose to 24%, up from 17% the previous year. This trend has led to a shift in oversight, with 60% of organisations now reporting that responsibility for OT cybersecurity rests at the executive level with the CISO, CIO, or COO.

Fortinet's 2025 Global Threat Landscape Report also noted that state-sponsored groups remain highly active, primarily targeting government, technology, and education sectors. The Middle East remains a high-risk region, with Europe, the Middle East, and Africa (EMEA) accounting for 26% of all recorded global exploitation attempts. The report also linked over 60% of global hacktivist campaigns to geopolitical causes.

To defend against such persistent and well-resourced adversaries, FortiGuard Labs recommends that organisations prioritise several key defensive measures. These include enforcing multi-factor authentication (MFA) and regular credential rotation, deploying a zero-trust architecture with network segmentation, and implementing endpoint detection and response (EDR) with behavioural analytics.

The report concluded that this investigation highlights the evolving nature of state-backed cyber threats and underscores the growing need for continuous monitoring and adaptive defence strategies to protect critical infrastructure.


Mid East Info
3 days ago
Report: Advanced Cyberattacks Hit Middle East Critical Infrastructure Over Two Years
FortiGuard Labs Uncovers Advanced Espionage Campaign Targeting IT/OT Systems
73% of OT Firms Targeted as Cyberattacks Escalate Across Critical Sectors

The FortiGuard Labs' Incident Response (FGIR) team recently investigated a long-term cyber intrusion targeting critical national infrastructure (CNI) in the Middle East. The intrusion, attributed to a state-sponsored threat actor, involved sustained espionage operations and suspected network prepositioning. Over the course of nearly two years, the threat actor deployed novel malware, bypassed network segmentation, and made repeated attempts to maintain access across segmented IT and OT environments.

Advanced Malware and Persistent Access:

The multi-phase intrusion detailed by FGIR spanned from 2023 to early 2025. The attacker initially gained entry using compromised VPN credentials, then established footholds using multiple custom backdoors including HanifNet, HXLibrary, and NeoExpressRAT. They bypassed segmentation using proxy tools such as Ngrok, ReverseSocks5, and plink, and targeted virtualization infrastructure to deepen access. While no confirmed disruption to OT systems was observed, the report notes significant reconnaissance activity in restricted environments, emphasizing the need for heightened defense across converged IT/OT networks.

The operation unfolded across four stages: initial compromise, consolidation of access, adversary response to containment, and attempted re-entry via exploitation of third-party software and phishing attacks. Even after being removed from the network, the threat actor made repeated efforts to re-establish access, signalling a long-term strategic objective.

OT Security Faces Escalating Threats:

According to Fortinet's 2024 State of Operational Technology and Cybersecurity Report, 73% of OT organizations globally have now experienced cyber intrusions (up from 49% in 2023), with targeted OT-only attacks also rising from 17% to 24%.

This trend mirrors the patterns observed in the latest investigation, where state-linked actors deployed advanced malware, evaded detection, and used phishing and software exploitation to reestablish access after remediation efforts. For this reason, we are seeing responsibility for OT cybersecurity increasingly shifting to the CISO, CIO, and COO, with 60% of organizations reporting executive-level oversight.

Regional Threat Activity on the Rise:

Fortinet's 2025 Global Threat Landscape Report also confirms that state-sponsored groups remain highly active, targeting government, technology, and education sectors. Interestingly, over 60% of hacktivist campaigns globally were linked to geopolitical causes. The Middle East also remains a high-risk region for cyber activity, with the EMEA region accounting for 26% of recorded global exploitation attempts.

Defensive Recommendations:

To defend against such persistent and well-resourced adversaries, the FortiGuard team recommends that organizations prioritize the following defensive measures:
- Enforcing multi-factor authentication (MFA) and regular credential rotation
- Deploying zero-trust architecture and network segmentation
- Implementing endpoint detection and response (EDR) and behavioural analytics
- Conducting regular penetration testing and incident response readiness exercises

This investigation highlights the persistent and evolving nature of state-backed cyber threats targeting Middle Eastern CNIs, and a growing need for continuous monitoring, adaptive defense strategies, and coordinated threat intelligence to protect critical infrastructure in the face of sophisticated cyber threats.