Novel Iran-linked hacking group takes aim at Middle Eastern energy firms

Security Affairs reports that multiple energy sector organizations across the Middle East have been subjected to attacks from newly emergent Iran-linked threat operation Nasir Security amid intensifying geopolitical tensions in the region. Intrusions involving business email compromise have been aimed at the United Arab Emirates' Dubai Petroleum, Oman's CC Energy Development, and the Al-Safi Oil Company which runs gasoline stations in the Kingdom of Saudi Arabia and other regions as well as an Iraqi oil and gas provider, an analysis from Resecurity revealed. Nasir Security was noted to have exfiltrated data from the organizations' vendors, including construction firms, safety equipment vendors, and engineering entities, as part of the attacks. Such information could then be harnessed by threat actors to facilitate targeted attacks against oil and gas infrastructure. Resecurity researchers have hesitated attributing Nasir Security to a particular country or actor, considering a lull in the group's activity since October, as well as the expected escalation of influence campaigns, psychological operations, and false flag activities.