April 19, 2024

Industrial organizations have always been among the top targets of cybercriminals when it comes to stealing sensitive information for financial motives. Recently, one such campaign has been observed targeting industrial organizations across the globe.

A mysterious cybercrime group, which is apparently driven by financial profits, is behind an attack campaign targeting oil and gas supply chain industries in Europe, the Middle East, Asia Pacific, and North America.

  • The list of targeted companies includes a commercial refrigerator supplier, a provider of heavy electrotechnical equipment, a manufacturer of optical components, and a smart automation solutions provider in Europe.
  • In APAC, attackers targeted an industrial process and factory automation firm, a construction materials manufacturer, and a transportation services company.
  • In the Middle East, they had targeted international maritime organizations and a U.S.-based manufacturer of anti-slip covers in North America.
  • In addition, there are several other organizations across the globe that are being actively targeted by this actor.

Attack tactics

  • The group has put effort into making spear-phishing emails look legitimate by registering domains with names similar to the targeted firms.
  • The attackers have been using information-stealing malware such as AZORult, AgentTesla, Formbook, Masslogger, and Matiex.

Connection with the past

This attack campaign is not an entirely new one and it appears to be an evolved version of an older campaign, first disclosed by ZScaler in September 2020.

  • The earlier campaign was only using AZORult trojan, while the recent one uses a plethora of malicious tools.
  • After the release of the ZScaler report on this operation, the attacker took additional steps to evade detection, and has started using the compromised companies’ email accounts as C2 servers.

Conclusion

Reports suggest that the motive of this threat actor is to gain profits by stealing information. However, intruding into such industrial facilities may grant the attackers the capability to move to OT networks and cause some severe damage. Therefore, organizations are recommended to follow appropriate security measures to stay protected from such threats.

Tags:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may have missed

Windows New Privilege Escalation on Sale in dark forum

April 19, 2024

HashiCorp Critical Vulnerability – CVE-2024-3817

April 18, 2024

Cisco Integrated Management Controller Vulnerabilities

April 18, 2024

Windows Kernel Vulnerability – CVE-2024-21338 PoC Exploit Released

April 17, 2024

Cisco Duo Identify Data Breach

April 17, 2024

Tanium new Automate Feature

April 16, 2024

Discover more from TheCyberThrone

Subscribe now to keep reading and get access to the full archive.

Continue reading