Kaspersky has recently concluded an investigation into cyber attacks targeting the industrial sector in Eastern Europe. The investigation has revealed the employment of advanced tactics, techniques, and procedures (TTPs) by threat actors to compromise industrial organizations in the region. Industries such as manufacturing and industrial control system (ICS) engineering and integration have been particularly affected, emphasizing the urgent need for enhanced cybersecurity preparedness.

During the investigation, Kaspersky uncovered a series of targeted attacks with the objective of establishing a permanent channel for data exfiltration. These campaigns exhibited significant resemblances to previously researched attacks, such as ExCone and DexCone, suggesting the involvement of APT31, also known as Judgment Panda and Zirconium.

The investigation unveiled the use of advanced implants designed for remote access, showcasing the threat actors' extensive knowledge and expertise in bypassing security measures. These implants enabled the establishment of persistent channels for data exfiltration, including from highly secure systems.

Cloud-based data storage services like Dropbox and Yandex Disk, as well as temporary file-sharing platforms, have been used to exfiltrate data and deliver subsequent malware. Notably, the threat actors were again making extensive use of DLL hijacking (that is, abusing legitimate third-party executables that are vulnerable to loading malicious dynamic-link libraries into their memory) to try to avoid detection while running the multiple implants used across the three attack stages. They also deployed command and control (C2) infrastructure on Yandex Cloud as well as on regular virtual private servers (VPS) to maintain control over compromised networks.

Within these attacks, new variants of the FourteenHi malware were deployed. Originally discovered in 2021 during the ExCone campaign targeting government entities, this malware family has since evolved, with new variants surfacing in 2022 that specifically target the infrastructure of industrial organizations.

Additionally, a novel malware implant, dubbed MeatBall, was discovered during the investigation. This backdoor implant possesses extensive remote access capabilities.

"We cannot underestimate the significant risks posed to industrial sectors by the targeted attacks they face. As organizations continue to digitize their operations and rely on interconnected systems, the potential consequences of successful attacks on critical infrastructure are undeniable."
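The DLL hijacking pattern described above, a legitimate signed third-party executable loading a planted DLL from its own directory, leaves a recognizable trace in endpoint image-load telemetry. The script below is an added example and is not code from Kaspersky's report or from the campaign analysis; it triages constructed Sysmon Event ID 7 (Image loaded)-style records. The one-line "key=value|key=value" layout, the field names ProcessSigned and ProcessSignature (Sysmon itself records Image, ImageLoaded, Signed and Signature), the short list of commonly hijacked system DLLs and every sample event are this example's own assumptions.

```python
"""Triage image-load telemetry for DLL search-order hijacking / side-loading.

Added example, not Kaspersky's code. Input records are constructed, Sysmon
Event ID 7-style lines of 'key=value' fields separated by '|'.
"""
import ntpath
from dataclasses import dataclass

# Where a DLL is expected to live. Anything outside these directories is
# writable by an ordinary user or a dropper, which is where planted DLLs sit.
SYSTEM_DIRS = (
    "c:\\windows\\system32\\", "c:\\windows\\syswow64\\", "c:\\windows\\winsxs\\",
)
TRUSTED_DIRS = SYSTEM_DIRS + ("c:\\program files\\", "c:\\program files (x86)\\")

# Illustrative (assumed) list of DLLs that programs expect to resolve from
# System32; a copy resolved from anywhere else is the textbook hijack.
KNOWN_SYSTEM_DLLS = {
    "version.dll", "dbghelp.dll", "wtsapi32.dll", "cryptbase.dll",
    "userenv.dll", "iphlpapi.dll", "winmm.dll", "profapi.dll",
}


@dataclass(frozen=True)
class ImageLoad:
    process_image: str   # executable that performed the load (normalized path)
    loaded_image: str    # DLL that was mapped (normalized path)
    process_signer: str  # "" when the executable is unsigned
    loaded_signer: str   # "" when the DLL is unsigned


def _norm(path: str) -> str:
    return path.replace("/", "\\").lower()


def parse_event(line: str) -> ImageLoad:
    """Parse one constructed 'k=v|k=v' record into an ImageLoad."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()

    def signer(flag_key: str, sig_key: str) -> str:
        # Only trust the Signature field when the matching Signed flag is true
        if fields.get(flag_key, "false").lower() != "true":
            return ""
        return fields.get(sig_key, "")

    return ImageLoad(
        process_image=_norm(fields["Image"]),
        loaded_image=_norm(fields["ImageLoaded"]),
        process_signer=signer("ProcessSigned", "ProcessSignature"),
        loaded_signer=signer("Signed", "Signature"),
    )


def _in_any(path: str, dirs) -> bool:
    return any(path.startswith(d) for d in dirs)


def hijack_reasons(ev: ImageLoad) -> list:
    """Return why an image load looks like DLL hijacking (empty list if benign)."""
    reasons = []
    dll_dir = ntpath.dirname(ev.loaded_image) + "\\"
    exe_dir = ntpath.dirname(ev.process_image) + "\\"
    dll_name = ntpath.basename(ev.loaded_image)

    # Rule 1: a well-known System32 DLL resolved from outside the system dirs.
    if dll_name in KNOWN_SYSTEM_DLLS and not _in_any(dll_dir, SYSTEM_DIRS):
        reasons.append(f"system DLL {dll_name} resolved from {dll_dir}")

    # Rule 2: side-loading. A signed executable running from a user-writable
    # directory loads a DLL beside it that is unsigned or signed by someone
    # else: the "legitimate third-party executable" pattern from the report.
    if (ev.process_signer and dll_dir == exe_dir
            and not _in_any(exe_dir, TRUSTED_DIRS)
            and ev.loaded_signer != ev.process_signer):
        who = ev.loaded_signer or "unsigned"
        reasons.append(f"{ntpath.basename(ev.process_image)} (signed by "
                       f"{ev.process_signer}) side-loaded {dll_name} ({who}) from {exe_dir}")
    return reasons


def triage(lines) -> dict:
    """Map each suspicious loaded DLL path to its list of reasons."""
    findings = {}
    for line in lines:
        ev = parse_event(line)
        reasons = hijack_reasons(ev)
        if reasons:
            findings[ev.loaded_image] = reasons
    return findings


# Constructed sample telemetry (not real captures).
SAMPLE_EVENTS = [
    "Image=C:\\ProgramData\\Update\\svcutil.exe|ImageLoaded=C:\\ProgramData\\Update\\version.dll|ProcessSigned=true|ProcessSignature=Example Vendor Ltd|Signed=false",
    "Image=C:\\Windows\\System32\\svchost.exe|ImageLoaded=C:\\Windows\\System32\\version.dll|ProcessSigned=true|ProcessSignature=Microsoft Windows|Signed=true|Signature=Microsoft Windows",
    "Image=C:\\Program Files\\Vendor\\app.exe|ImageLoaded=C:\\Program Files\\Vendor\\libvendor.dll|ProcessSigned=true|ProcessSignature=Vendor Inc|Signed=true|Signature=Vendor Inc",
    "Image=C:\\Users\\alice\\AppData\\Local\\Temp\\viewer.exe|ImageLoaded=C:\\Users\\alice\\AppData\\Local\\Temp\\wtsapi32.dll|ProcessSigned=true|ProcessSignature=Example Vendor Ltd|Signed=false",
    "Image=C:\\Program Files (x86)\\Tool\\tool.exe|ImageLoaded=C:\\Program Files (x86)\\Tool\\dbghelp.dll|ProcessSigned=true|ProcessSignature=Tool Corp|Signed=false",
]

if __name__ == "__main__":
    for dll, why in triage(SAMPLE_EVENTS).items():
        print(dll)
        for reason in why:
            print("   ", reason)
```

Rule 2 deliberately keys on the signer mismatch rather than on "unsigned DLL" alone, because some side-loading chains ship a DLL signed with a stolen or unrelated certificate; the first and fourth sample events trip both rules, the fifth trips only the system-DLL rule because Program Files counts as a trusted directory, and the two System32 and vendor-directory loads are left alone.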