LAURIONITE
Targets Oracle E-Business Suite iSupplier web services and assets across multiple industrial sectors.

LAURIONITE was first discovered actively targeting and exploiting Oracle E-Business Suite iSupplier web services and assets across several industries, including aviation, automotive, manufacturing, and government. LAURIONITE uses a combination of open-source offensive security tooling and public proofs of concept to aid its exploitation of common vulnerabilities.
Oracle E-Business Suite is one of the most widely used enterprise solutions for integrated business processes. By operating from compromised infrastructure, LAURIONITE can remain undetected or overlooked because its activity originates from trusted or known organizations.
LAURIONITE has demonstrated the ability to conduct the complete attack cycle of offensive cyber operations that achieve Stage 1 of the ICS Cyber Kill Chain, from Reconnaissance to Actions on the Objective. The adversary's operators show expertise in a range of offensive cyber operation skills: navigating target systems, exploiting vulnerabilities, maintaining persistence, and conducting lateral movement, internal reconnaissance, defense evasion, and exfiltration.
Date: Since 2023
ADVERSARY
- No known associations
- Refined operational tradecraft, technical competence
CAPABILITIES
- Uses web shells, SlipIt delivery tool, open-source security tools
- Public proofs of concept for initial access
VICTIM
- Internet-facing assets with Oracle E-Business Suite iSupplier
- Targets multiple industries and organizations, including aviation, automotive, manufacturing, and government
INFRASTRUCTURE
- Creates domain masquerades to appear as victims’ identities
- Performs offensive operations against other targets from victim infrastructure
ICS IMPACT
- Loss of confidentiality, theft of operational information
- Espionage and persistent access