Industrial organizations have always been among the top targets of cybercriminals when it comes to stealing sensitive information for financial motives. Recently, one such campaign has been observed targeting industrial organizations across the globe.
A mysterious cybercrime group, which is apparently driven by financial profits, is behind an attack campaign targeting oil and gas supply chain industries in Europe, the Middle East, Asia Pacific, and North America.
- The list of targeted companies includes a commercial refrigerator supplier, a provider of heavy electrotechnical equipment, a manufacturer of optical components, and a smart automation solutions provider in Europe.
- In APAC, attackers targeted an industrial process and factory automation firm, a construction materials manufacturer, and a transportation services company.
- In the Middle East, they had targeted international maritime organizations and a U.S.-based manufacturer of anti-slip covers in North America.
- In addition, there are several other organizations across the globe that are being actively targeted by this actor.
- The group has put effort into making spear-phishing emails look legitimate by registering domains with names similar to the targeted firms.
- The attackers have been using information-stealing malware such as AZORult, AgentTesla, Formbook, Masslogger, and Matiex.
Connection with the past
This attack campaign is not an entirely new one and it appears to be an evolved version of an older campaign, first disclosed by ZScaler in September 2020.
- The earlier campaign was only using AZORult trojan, while the recent one uses a plethora of malicious tools.
- After the release of the ZScaler report on this operation, the attacker took additional steps to evade detection, and has started using the compromised companies’ email accounts as C2 servers.
Reports suggest that the motive of this threat actor is to gain profits by stealing information. However, intruding into such industrial facilities may grant the attackers the capability to move to OT networks and cause some severe damage. Therefore, organizations are recommended to follow appropriate security measures to stay protected from such threats.