Cyber Threats targetting the energy industry

GuLoader Information report

Key findings

In this report are presented:

• The origin of the malware and information about the company running it.
• How multiple companies from the energy sector including, three French companies with branches in Liquified Natural Gas (LNG) production, were targeted using internal emails that were uploaded to public platforms and likely reused by an unidentified threat actor to send phishing emails with their template.
• The last techniques, tactics and procedures threats actors are currently leveraging to target critical entities using GuLoader and other malwares.
• Some insights on GuLoader’s functionalities and evasion techniques leveraged by its NSIS and VBS variants.

Intrinsec’s CTI services

Organisations are facing a rise in the sophistication of threat actors and intrusion sets. To address these evolving threats, it is now necessary to take a proactive approach in the detection and analysis of any element deemed malicious. Such a hands-on approach allows companies to anticipate, or at least react as quickly as possible to the compromises they face.

For this report, shared with our clients in July 2023, Intrinsec relied on its Cyber Threat Intelligence service, which provides its customers with high value-added, contextualized and actionable intelligence to understand and contain cyber threats. Our CTI team consolidates data & information gathered from our security monitoring services (SOC, MDR …), our incident response team (CERT-Intrinsec) and custom cyber intelligence generated by our analysts using custom heuristics, honeypots, hunting, reverse-engineering & pivots.

Intrinsec also offers various services around Cyber Threat Intelligence:

• Risk anticipation: which can be leveraged to continuously adapt the detection & response capabilities of our clients’ existing tools (EDR, XDR, SIEM, …) through:
• an operational feed of IOCs based on our exclusive activities.
• threat intel notes & reports, TIP-compliant.
• Digital risk monitoring:
• data leak detection & remediation
• external asset security monitoring (EASM)
• brand protection

For more information, go to www.intrinsec.com/en/cyber-threat-intelligence/.

Follow us on Linkedin and Twitter