Researchers have identified a never-before-seen threat group targeting Middle East critical infrastructure organizations with novel malware, sent via spearphishing emails. The threat group, LYCEUM, was observed in 2019 sending spear phishing emails harboring malicious Microsoft Excel attachments to oil and gas companies. When clicked, the attachments downloaded a newly-discovered malware called DanBot, which subsequently deploys post-intrusion tools to spread across the impacted company s network, steal credentials and other account information and capture keystrokes on impacted systems.
Source: https://threatpost.com/oil-and-gas-firms-targeted-by-new-lyceum-threat-group/147705/