Cyber Resilience

HEXANE G1001 unknown

aka HEXANE, Lyceum, Siamesekitten, Spirlin

Last updated: 2026-07-03

0 attributed CVEs
52 ATT&CK techniques
0.0 IDF score (tooling uniqueness)
0 exclusive CVEs
years active

About this actor

[HEXANE](https://attack.mitre.org/groups/G1001) is a cyber espionage threat group that has targeted oil & gas, telecommunications, aviation, and internet service provider organizations since at least 2017. Targeted companies have been located in the Middle East and Africa, including Israel, Saudi Arabia, Kuwait, Morocco, and Tunisia. [HEXANE](https://attack.mitre.org/groups/G1001)'s TTPs appear similar to [APT33](https://attack.mitre.org/groups/G0064) and [OilRig](https://attack.mitre.org/groups/G0049) but due to differences in victims and tools it is tracked as a separate entity. (Citation: Dragos Hexane) (Citation: Kaspersky Lyceum October 2021) (Citation: ClearSky Siamesekitten August 2021) (Citation: Accenture Lyceum Targets November 2021)

Source: MITRE ATT&CK

Activity timeline

No activity events recorded.

Profile

CVE | Risk | CVSS | EPSS | Published | Products
No attributed CVEs.

Mitigating controls (NIST 800-53)

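| Control | Techniques covered | Coverage |
|---------|--------------------|----------|
| SI-4 | 19 / 52 | 37% |
| CM-6 | 18 / 52 | 35% |
| CM-2 | 17 / 52 | 33% |
| AC-3 | 14 / 52 | 27% |
| AC-6 | 13 / 52 | 25% |
| AC-2 | 12 / 52 | 23% |
| CA-7 | 12 / 52 | 23% |
| CM-7 | 12 / 52 | 23% |
| SI-3 | 12 / 52 | 23% |
| AC-5 | 9 / 52 | 17% |
| IA-2 | 9 / 52 | 17% |
| AC-4 | 8 / 52 | 15% |
| SC-7 | 8 / 52 | 15% |
| AC-20 | 7 / 52 | 13% |
| CM-5 | 7 / 52 | 13% |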

Co-occurring actors

None.

Similar actors

Similar TTPs