Today > | 3 Medium vulnerabilities   -   You can now download lists of IOCs here!

Security Brief: Actor Uses Compromised Accounts, Customized Social Engineering to Target Transport and Logistics Firms with Malware

Sept. 24, 2024, 6:09 p.m.

Description

A threat actor is targeting transportation and logistics companies in North America with malware campaigns. The actor uses compromised email accounts to inject malicious content into existing conversations, making messages appear legitimate. Campaigns primarily deliver Lumma Stealer, StealC, NetSupport, DanaBot, and Arechclient2 malware. The actor employs Google Drive URLs, .URL files, and SMB for malware delivery, and recently adopted the 'ClickFix' technique. Campaigns are small-scale and highly targeted, with lures impersonating industry-specific software. The activity is believed to be financially motivated and aligns with a trend of sophisticated social engineering combined with commodity malware use in the cybercriminal landscape.

Date

Published: Sept. 24, 2024, 5:44 p.m.

Created: Sept. 24, 2024, 5:44 p.m.

Modified: Sept. 24, 2024, 6:09 p.m.

Indicators

fddacfe9e490250e62f7f30b944fcbe122e87547d01c4a906401049304c395f7

f8b12e6d02ea5914e01f95b5665b3a735acfbb9ee6ae27b004af37547bc11e7f

e7526dadae6b589b6a31f1f7e2e528ed1c9edd9f3d1ca88f0ece0dee349d3842

e5ed1a273faf5174dbd8db9d6d3657b81dc2cbc2e0af28cfe76f41c3d2f2fc37

d45b6b04ac18ef566ac0ecdaf6a1f73d1c3164a845b83e0899c66c608154b93d

cdf160c63f61ae834670fdaf040411511dc2fc0246292603e7aa8cd742d78013

b94bcdf5d6b9f1eb6abe97090993e8c4f66b514dd9c51193f16673e842253d86

ac49ff207e319f79bbd9c80d044d621920d1340f4c53e5e4da39b2a0c758634e

957fe77d04e04ff69fdaff8ef60ac0de24c9eb5e6186b3187460eac6be561f5d

8fe96fb9d820db0072fe0423c13d2d05f81a9cf0fdd6f4e2ee78dc4ca1d37618

582c69b52d68b513f2a137bbf14704df7d787b06752333fc31066669cd663d04

2436fe37d25712b68b2e1a9805825bcf5073efb91588c1b5193ba446d1edd319

37f328fc723b2ddf0e7a20b57257cdb29fe9286cb4ffeaac9253cb3b86520235

1a002631b9b2e685aeb51e8b6f4409daf9bc0159cfd54ef9ad3ba69d651ac2a3

199d6f70f10c259ee09e99e6f1d7f127426999a0ed20536f2662842cd12b5431

163dccdcaa7fdde864573f2aabe0b9cb3fdcdc6785f422f5c2ee71ae6c0e413a

0931217eb498b677e2558fd30d92169cc824914c2df68cfbcff4f642600e2cc2

89.23.98.98

185.217.197.84

live-samsaratrucking.com

idessit.com

ambcrrm.com

ambccm.com

Attack Patterns

DanaBot

Lumma Stealer

Arechclient2

StealC

NetSupport

T1534

T1218.011

T1059.001

T1105

T1204

T1027

T1566

T1078

Additional Informations

Transportation

United States of America