Connect with us

Hi, what are you looking for?


Cyber Insurance

IoT Devices at Major Manufacturers Infected With Malware via Supply Chain Attack

Three of the world’s largest manufacturers had some IoT devices running Windows 7 infected with a piece of malware in what experts believe to be a supply chain attack.

Three of the world’s largest manufacturers had some IoT devices running Windows 7 infected with a piece of malware in what experts believe to be a supply chain attack.

TrapX Security reported this week that it had identified a cryptocurrency miner on several IoT devices at some major manufacturers, including automatic guided vehicles, a printer and a smart TV.

Ori Bach, the CEO of TrapX, told SecurityWeek that the attacks appeared to be part of the same campaign. He said his company’s researchers discovered infections at three manufacturers, with multiple incidents recorded across over 50 sites in the Middle East, North America and Latin America.

The infections were spotted in October 2019 and the attackers targeted embedded systems running Windows 7. Windows 7 reached end of life last month, but there are still hundreds of millions of PCs worldwide that run the operating system.

The malware used in the campaign has been described as a self-spreading downloader that runs malicious scripts associated with a cryptocurrency miner named Lemon_Duck.

Malware found on AGV

At one manufacturing site, the malware was found on several automatic guided vehicles (AGVs) that were running Windows 7. AGVs are used to transport materials or perform specific tasks in a manufacturing plant.

According to TrapX, “the malware spread quickly enough to be extremely disruptive.” The cybersecurity firm noted that if communications are disrupted or incorrect commands are generated by the malware, the vehicle could go off track and cause physical damage or harm people, but in this case action was taken before severe damage could occur.

Advertisement. Scroll to continue reading.

An infection was also spotted on a smart TV that had a built-in PC running Windows 7. The device was connected to the manufacturing network and it provided production data to employees in charge of the production line. TrapX’s researchers determined that the attacker exploited a vulnerability in Windows 7 to install the malware on the TV and that the crypto-miner had been deployed several months earlier.

“The threat could have compromised the entire network, including other companies that had assets within both the enterprise and the manufacturing networks,” TrapX said in its report.

In another example, the malware was spotted on a DesignJet SD Pro multifunction printer, which had been used to print technical engineering drawings and which stored sensitive data related to the victim’s product line. TrapX says this device served as the entry point into the victim’s network.

“The DesignJet SD Pro scanner/printer was a core component of the manufacture; any device downtime would have caused a production delay,” TrapX said in its report.

The cybersecurity firm believes that in all of these cases the malware was installed on the devices before they reached the manufacturers.

“We believe the attack initially targeted the supply chain, and then any manufacturer that was part of the targeted supply chain was affected,” Bach told SecurityWeek.

Related: Zurich Announces New Cyber Insurance for Manufacturing Industry

Related: SWEED Hackers Target Manufacturing, Logistics Organizations

Related: Hackers Steal Customer Data From Manufacturing Company

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.