LAURIONITE

Targets Oracle e-buisness suite iSupplier web services and assets across multiple industrial sectors.

Threat Group: Laurionite
THREAT DESCRIPTION
LAURIONITE is a threat group that uses open-source offensive security tooling with public proof of concepts to aid in exploiting common vulnerabilities, targeting industrial organizations including manufacturing.

LAURIONITE was first discovered actively targeting and exploiting Oracle E-Business Suite iSupplier web services and assets across several industries, including aviation, automotive, manufacturing, and government. LAURIONITE utilizes a combination of open-source offensive security tooling and public proof of concepts to aid in their exploitation of common vulnerabilities.

Oracle E-Business Suite is one of the most widely used enterprise solutions for integrated business processes. By utilizing compromised infrastructure, LAURIONITE can remain undetected or overlooked due to its origin being from trusted or known organizations.

LAURIONITE has demonstrated the ability to conduct the complete attack cycle of offensive cyber operations that achieve Stage 1 of the ICS Cyber Kill Chain from Reconnaissance to Actions on the Objective. The adversary operators show expertise in various offensive cyber operation skills in navigating target systems, exploiting vulnerabilities, maintaining persistence, conducting lateral movement, internal reconnaissance, defense evasion, and exfiltration.

Date: Since 2023

ADVERSARY

  • No known associations
  • Refined operational trade craft, technical competence

CAPABILITIES

  • Uses web shells, SlipIt delivery tool, open-source security tools
  • Public proof of concepts for initial access

VICTIM

  • Internet facing assets with oracle E-Business iSupplier
  • Targets multiple industries and organizations, including aviation, automotive, manufacturing, and government

INFRASTRUCTURE

  • Create domain masquerades to appear as victims’ identities
  • Performs offensive operations against other targets from victim infrastructure

ICS IMPACT

  • Loss of confidentiality, theft of operational information
  • Espionage and persistent access
Explore Threat Groups
About Dragos Threat Intelligence

Dragos threat intelligence leverages the Dragos Platform, our threat operations center, and other sources to provide comprehensive insight into threats affecting industrial control security and safety worldwide. Dragos does not corroborate nor conduct political attribution to threat activity. Dragos instead focuses on threat behaviors and appropriate detection and response. Read more about Dragos’s approach to categorizing threat activity and attribution.

Dragos does not publicly describe ICS threat group technical details except in extraordinary circumstances in order to limit tradecraft proliferation. However, full details on BAUXITE and other group tools, techniques, procedures, and infrastructure are available to network defenders via Dragos WorldView.

Take the next step to protect your ICS environment now with a free demo.