216.73.217.22

Libyan Oil Refinery Among Targets in Long-running Likely Espionage Campaign

· Published 20/03/2026 21:15 · Modified 23/03/2026 09:58

Export JSON

Essential information

Published
20/03/2026 21:15
Modified
23/03/2026 09:58
Tags
2026-03-20 asyncrat backdoor espionage oil refinery spear-phishing state-sponsored
Related entities
29 observables, 12 techniques (mitre), 1 malware, 5 others

Description

A series of attacks targeting Libyan organizations, including an , a telecoms organization, and a state institution, occurred between November 2025 and February 2026. The campaign utilized the , delivered through emails with Libya-themed lure documents. The attackers exploited current events, such as the assassination of Saif al-Gaddafi, to gain access to networks. The modular nature of and the targeted organizations suggest possible state sponsorship. The campaign's focus on Libya and its oil industry is notable, given the country's increased oil production and global energy supply concerns amidst Middle East conflicts.

Related entities

Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.

Observables (29)

  • https://hs8.krakenfiles.com/uploads/15-02-2026/JCaF7rrPQm/image.png.
  • c03120163d9401d66d482899421d9dd68db63d34bac2b32e3090e8ad0b911d83
  • ad4e27fe06fae2325faa2a00be7b41f40aa9c63fe79713597b3330ad7e583ca8
  • 22a1cf91fbac104e2dd374dd06e93488cfdf216890088ef18318d90f440f00f6
  • 3d5ada3b035e2adc8de1db24ab9d8e0e828eec1b7601ed9d064b41fa9d026a34
  • cd7e16ca636f6e5cb86cd41561d57620a131a26b53c6e25a36edcbbcb2b5276a
  • b4a3f2f5091df7174e82283ed59cd557eea2e8ddd7a018dafc5e8151fd683429
  • 12c65ac4e02313ed1aa2d32d56428f0a135b281604d536e5ae6ca08b6b4232c9
  • 0f3344e672d1ea6cde382b68b27063ed766fced717e9f5f2e15e6c79ce0737f7
  • 34ae832427b03df5f8cb90e78b5b174665c19602575b37fc7cad8100978898d2
  • ece81cdc6fc12a07a984b98df58e34c92998cdd957e1f45cabd925056bb0f92e
  • 946ae65e508acb4dbf6b29432889511a76636453cc04256230fbce25cef86b6a
  • 3101cc378db2665eb2969b62e28efb9bfd5ca6f9bd3ebc27b422d5a29bfd1b17
  • f8d2c5cb898cf92495fdcb7e20f509603e1bdd62ba4b61bd7694a8e33a4c738f
  • 39eade26c5680d20f5a8032a0d3996a29058e52c147e4b49a2072d2dcb353325
  • ad796fc0ac17b58e47dbadd42bf164790c18ac67aade8c6bf2251056ef68138d
  • c2a2c2b26b235bad31a352e1fd475794167ec79928c52d98bccb3607e932c7b2
  • 43c5d9a267742ee3c6c9bcf3e6f63ec397fbe0233a5d99bdb7dacbfa1a0f69d5
  • 85e01e36b7b2b90af79642732a17dd566af0b10a85fd8a4cc85ea11583a0ff00
  • 0499152c6dd775491ce099eee4c382a94f72c07031081db164de921effa9664f
  • f8b5a5429fb1da677ab8c09fc95b26e3b3d8bcd27521a56cc835fbf5878dbcd8
  • f307f8fa89b9f9eb8c2ae346055dffb80c93f56034aa3abe7a8a25d6e5e680c6
  • 5b573743306a2324608fdbd9c5cceba6bd5abfaccd1ea8b94c60f73da279e636
  • c3eef096073dd0873a821c35dd2e7eaf391863264ab72e1b91f2ca73218c2d04
  • 1d32f451d18c3dc8dbf00cd7df1200f83efa27cbaddeb9b2bed726e6d08ef5b1
  • 9843874eb6217a79ba5a51a6a886745169b1a1ad43f7ae12de6e610324e88ab7
  • eb76f0797c27821635992ef23a570fe3a11c848998bc9f7735e968adc6b2f33c
  • 3ca93362559db4da9d44d614345cbdfdb81d882367af05651bb718e1cc57ab08
  • d884a17046bbefd73f76f88533e1f2da40d5233b15caa48245de65d2c19c50dc

Techniques (MITRE) (12)

Malware (1)

  • AsyncRAT
    Family
    Published 11/06/2026 16:31 · Modified 11/06/2026 16:31

Others (5)

  • Libya
  • Energy
  • Telecommunications
  • Government
  • hs8.krakenfiles.com

External references