HEXANE G1001 unknown
aka HEXANE, Lyceum, Siamesekitten, Spirlin
Last updated: 2026-07-03
About this actor
[HEXANE](https://attack.mitre.org/groups/G1001) is a cyber espionage threat group that has targeted oil & gas, telecommunications, aviation, and internet service provider organizations since at least 2017. Targeted companies have been located in the Middle East and Africa, including Israel, Saudi Arabia, Kuwait, Morocco, and Tunisia. [HEXANE](https://attack.mitre.org/groups/G1001)'s TTPs appear similar to those of [APT33](https://attack.mitre.org/groups/G0064) and [OilRig](https://attack.mitre.org/groups/G0049), but due to differences in victims and tools it is tracked as a separate entity. (Citation: Dragos Hexane) (Citation: Kaspersky Lyceum October 2021) (Citation: ClearSky Siamesekitten August 2021) (Citation: Accenture Lyceum Targets November 2021)
Source: MITRE ATT&CK
Activity timeline
No activity events recorded.
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
| No attributed CVEs. | | | | | |

T1010, T1016, T1016.001, T1018, T1021, T1021.001, T1027, T1027.010, T1033, T1049, T1053, T1053.005, T1056, T1056.001, T1057, T1059, T1059.001, T1059.005, T1069, T1069.001, T1082, T1102, T1102.002, T1105, T1110, T1110.003, T1204, T1204.002, T1518, T1534, T1546, T1546.003, T1555, T1555.003, T1567, T1567.002, T1583, T1583.001, T1583.002, T1585, T1585.001, T1585.002, T1586, T1586.002, T1588, T1588.002, T1589, T1589.002, T1591, T1591.004, T1608, T1608.001
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
| SI-4 | 19 / 52 | 37% |
| CM-6 | 18 / 52 | 35% |
| CM-2 | 17 / 52 | 33% |
| AC-3 | 14 / 52 | 27% |
| AC-6 | 13 / 52 | 25% |
| AC-2 | 12 / 52 | 23% |
| CA-7 | 12 / 52 | 23% |
| CM-7 | 12 / 52 | 23% |
| SI-3 | 12 / 52 | 23% |
| AC-5 | 9 / 52 | 17% |
| IA-2 | 9 / 52 | 17% |
| AC-4 | 8 / 52 | 15% |
| SC-7 | 8 / 52 | 15% |
| AC-20 | 7 / 52 | 13% |
| CM-5 | 7 / 52 | 13% |
Co-occurring actors
None.
Similar actors
Similar TTPs
- Magic Hound 0.29
- APT42 0.27
- Sandworm Team 0.27
- FIN8 0.26
- TA2541 0.25