Kuwait logistics companies target of cyber attacks

Global threat intelligence team Unit 42 finds hackers used previously unknown tools to infiltrate transportation and shipping organisations in the Gulf state

12/07/09 -  Kuwait City, Kuwait - Skyline of Kuwait City from the Kuwait Towers.  The Liberation Tower is on the right.  The Liberation Tower is the tallest structure in Kuwait. Construction of the tower commenced before the Iraqi invasion of Kuwait on August 2, 1990.  (Andrew Henderson/The National)   *** Local Caption ***  ah_090711_Kuwait_Stock_0301.jpg
Powered by automated translation

Hackers used previously unknown tools to target transportation and shipping companies in Kuwait in May and June, according to a new report from Unit 42, the global threat intelligence unit at Palo Alto Networks.

In the first attack identified in the campaign, criminals installed a backdoor tool named Hisoka to gain access. Several custom tools were later downloaded to the system to carry out post-exploitation activities.

“All of these tools appear to have been created by the same developer. We were able to collect several variations of these tools including one dating back to July 2018,” the report said.

The campaign has been dubbed "xHunt" because the developer used character names from the Japanese manga television series Hunter x Hunter.

Through comparative analysis, Unit 42 identified related activity also targeting Kuwait between July and December 2018, “which was recently reported by IBM X-Force Iris (Incident Response and Intelligence Services)”.

“While there are no direct infrastructure overlaps between the two campaigns, historical analysis shows that the 2018 and 2019 activities are likely related,” the report said.

In the Global Cybersecurity Index 2018, Kuwait was ranked sixth out of 22 Arab countries and 67th out of 175 countries globally. Kuwait’s National Cyber Security Strategy 2017-2020 mandated the creation of the National Cyber Security Centre and the development of a national cybersecurity framework. The second Gulf Cybersecurity conference will take place in Kuwait in November.

Cyber criminals were responsible for stealing more than $1 trillion (Dh3.67tn) globally last year, of which Mena’s share was almost 20 per cent (Dh734 billion), according to cybersecurity firm Z Services.

The Cisco 2018 Security Capabilities Benchmark Study found that security breaches caused damage worth more than $500,000 for 48 per cent of the Mena companies surveyed and almost 60 per cent of businesses lost their systems for more than five hours.

The cybersecurity market was valued at $6.24bn in the Mena region last year, according to market analysis and advisory firm Mordor Intelligence.