Stage 1: Reconnaissance

The threat actors appear to have deliberately chosen the organizations they targeted, rather than pursuing them as targets of opportunity.
Staging targets held preexisting relationships with many of the intended targets.
Yes, there are verified malware programs out there for both the Macintosh and for Linux. Equally importantly, if you don't at least run an antivirus program, you run the risk of passing a virus on to your Windows friends (assuming any of them actually talk to you). So I've split the Tango into parts - Windows, Linux, the Macintosh, etc. But you get to all of them by that same "Let's Dance!

This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI).

and international partners, DHS and FBI identified victims in these sectors.
Historically, cyber threat actors have targeted the energy sector with various results, ranging from cyber espionage to the ability to disrupt energy systems in the event of a hostile conflict.
Once actors obtain valid credentials, they are able to masquerade as authorized users.
Stage 3: Delivery

When seeking to compromise the target network, threat actors used a spear-phishing email campaign that differed from previously reported TTPs.
DHS assesses this activity as a multi-stage intrusion campaign by threat actors targeting low security and small networks to gain access and move laterally to networks of major, high value asset owners within the energy sector.
Based on malware analysis and observed IOCs, DHS has confidence that this campaign is still ongoing, and threat actors are actively pursuing their ultimate objectives over a long-term campaign.