
US Transportation and Logistics Firms Targeted With Infostealers, Backdoors

A malicious campaign is targeting transportation and logistics organizations in North America with various malware families.

Threat actors are compromising email accounts at transportation and shipping organizations in North America to deliver various malware families, Proofpoint reports.

Since May 2024, the threat actors have been observed injecting malicious content into existing conversations in the compromised inboxes (so-called thread hijacking) to deliver malware such as Arechclient2, DanaBot, Lumma Stealer, NetSupport, and StealC.

Most attacks rely on Google Drive links or on .url (internet shortcut) files attached to the message; when opened, the attachment runs a malicious payload that fetches an executable from a remote share and installs the malware, the cybersecurity firm says.
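The article does not publish the shortcut files themselves, so the following triage script is an added example, not code from Proofpoint or from the reported campaign. It assumes the common pattern behind "URL file fetches an executable from a remote share": an INI-style `.url` file whose `URL=` (or `IconFile=`) line points at a `file://` URL or a UNC path rather than an `http(s)` address. The three attachments in `SAMPLES` are constructed for illustration; the IP address is from the documentation range and the file names are invented.

```python
"""Triage .url (internet shortcut) attachments for remote-share lures."""
import re
from urllib.parse import urlparse

# Constructed sample attachments (not taken from Proofpoint's report).
SAMPLES = {
    "invoice.url": "[InternetShortcut]\r\nURL=file://203.0.113.10/share/invoice.exe\r\n",
    "tracking.url": (
        "[InternetShortcut]\r\n"
        "URL=\\\\203.0.113.10\\docs\\update.pdf.lnk\r\n"
        "IconFile=\\\\203.0.113.10\\docs\\icon.ico\r\n"
    ),
    "readme.url": "[InternetShortcut]\r\nURL=https://example.com/docs\r\n",
}

# File types that should never be the target of a shortcut sent by e-mail.
EXECUTABLE_RE = re.compile(r"\.(exe|scr|cmd|bat|js|vbs|lnk|hta|msi)$", re.IGNORECASE)


def parse_url_file(text: str) -> dict:
    """Return the key/value pairs under [InternetShortcut], keys lower-cased.

    .url files are plain INI text; only the InternetShortcut section matters.
    """
    fields = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section == "internetshortcut" and "=" in line:
            key, _, value = line.partition("=")
            fields[key.strip().lower()] = value.strip()
    return fields


def is_remote_share(target: str) -> bool:
    """True when a shortcut target resolves over SMB/WebDAV instead of HTTP(S).

    Covers UNC paths (\\\\host\\share), forward-slash UNC, and file:// URLs
    with a host part. A local file:///C:/... path is not a remote share.
    """
    t = target.strip()
    if t.startswith("\\\\") or t.startswith("//"):
        return True
    parsed = urlparse(t)
    return parsed.scheme.lower() == "file" and bool(parsed.netloc)


def triage(name: str, text: str) -> dict:
    """Classify one attachment and explain why it was flagged."""
    fields = parse_url_file(text)
    reasons = []
    url = fields.get("url", "")
    if is_remote_share(url):
        reasons.append(f"URL targets a remote share: {url}")
    # IconFile/WorkingDirectory also cause the client to touch the share.
    for key in ("iconfile", "workingdirectory"):
        if key in fields and is_remote_share(fields[key]):
            reasons.append(f"{key} targets a remote share: {fields[key]}")
    if EXECUTABLE_RE.search(url):
        reasons.append("URL points at an executable-type file")
    return {"attachment": name, "suspicious": bool(reasons), "reasons": reasons}


if __name__ == "__main__":
    for name, body in SAMPLES.items():
        verdict = triage(name, body)
        print(f"{name}: {'SUSPICIOUS' if verdict['suspicious'] else 'ok'}")
        for reason in verdict["reasons"]:
            print(f"  - {reason}")
```

In a mail gateway or sandbox this check runs on the attachment bytes before delivery; a `.url` file arriving by e-mail that points anywhere other than an `http(s)` address is worth quarantining regardless of who sent it, since the sender's mailbox is exactly what this campaign compromises.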

To date, the attackers have compromised roughly 15 email accounts and typically inject fewer than 20 messages per campaign, targeting a small number of transportation and logistics companies.

Proofpoint has seen the threat actors impersonating software typically used for transport and fleet operations management, such as Samsara, AMB Logistic, and Astra TMS.

According to the cybersecurity firm, while the observed techniques have been used by other adversaries in previous attacks, it is likely that the threat actor behind this campaign “is purchasing this infrastructure from third party providers”.

“Based on the observed initial access activity, malware delivery, and infrastructure, Proofpoint assesses with moderate confidence the activity aligns with financially motivated, cybercriminal objectives,” the company says.

Proofpoint recommends that organizations in the transport and logistics sector exercise caution when encountering emails from known senders that deviate from normal communication patterns and content, especially when they contain unexpected links or attachments.


The same applies to individuals working in other industries. When encountering a suspicious email, users should verify it with the sender through a channel other than the email thread itself, such as a phone call; because the sender's mailbox is the one that was compromised, a reply in the thread would reach the attacker.

“Threat actors are developing more sophisticated social engineering and initial access techniques across the delivery attack chain while relying more on commodity malware rather than complex and unique malware payloads,” Proofpoint notes.


Written by Ionut Arghire, international correspondent for SecurityWeek.
