Security Brief: Actor Uses Compromised Accounts, Customized Social Engineering to Target Transport and Logistics Firms with Malware
Sept. 24, 2024, 6:09 p.m.
Tags
External References
Description
A threat actor is targeting transportation and logistics companies in North America with malware campaigns. The actor uses compromised email accounts to inject malicious content into existing conversations, making messages appear legitimate. Campaigns primarily deliver Lumma Stealer, StealC, NetSupport, DanaBot, and Arechclient2 malware. The actor employs Google Drive URLs, .URL files, and SMB for malware delivery, and recently adopted the 'ClickFix' technique. Campaigns are small-scale and highly targeted, with lures impersonating industry-specific software. The activity is believed to be financially motivated and aligns with a trend of sophisticated social engineering combined with commodity malware use in the cybercriminal landscape.
Date
Published: Sept. 24, 2024, 5:44 p.m.
Created: Sept. 24, 2024, 5:44 p.m.
Modified: Sept. 24, 2024, 6:09 p.m.
Indicators
fddacfe9e490250e62f7f30b944fcbe122e87547d01c4a906401049304c395f7
f8b12e6d02ea5914e01f95b5665b3a735acfbb9ee6ae27b004af37547bc11e7f
e7526dadae6b589b6a31f1f7e2e528ed1c9edd9f3d1ca88f0ece0dee349d3842
e5ed1a273faf5174dbd8db9d6d3657b81dc2cbc2e0af28cfe76f41c3d2f2fc37
d45b6b04ac18ef566ac0ecdaf6a1f73d1c3164a845b83e0899c66c608154b93d
cdf160c63f61ae834670fdaf040411511dc2fc0246292603e7aa8cd742d78013
b94bcdf5d6b9f1eb6abe97090993e8c4f66b514dd9c51193f16673e842253d86
ac49ff207e319f79bbd9c80d044d621920d1340f4c53e5e4da39b2a0c758634e
957fe77d04e04ff69fdaff8ef60ac0de24c9eb5e6186b3187460eac6be561f5d
8fe96fb9d820db0072fe0423c13d2d05f81a9cf0fdd6f4e2ee78dc4ca1d37618
582c69b52d68b513f2a137bbf14704df7d787b06752333fc31066669cd663d04
2436fe37d25712b68b2e1a9805825bcf5073efb91588c1b5193ba446d1edd319
37f328fc723b2ddf0e7a20b57257cdb29fe9286cb4ffeaac9253cb3b86520235
1a002631b9b2e685aeb51e8b6f4409daf9bc0159cfd54ef9ad3ba69d651ac2a3
199d6f70f10c259ee09e99e6f1d7f127426999a0ed20536f2662842cd12b5431
163dccdcaa7fdde864573f2aabe0b9cb3fdcdc6785f422f5c2ee71ae6c0e413a
0931217eb498b677e2558fd30d92169cc824914c2df68cfbcff4f642600e2cc2
89.23.98.98
185.217.197.84
live-samsaratrucking.com
idessit.com
ambcrrm.com
ambccm.com
Attack Patterns
DanaBot
Lumma Stealer
Arechclient2
StealC
NetSupport
T1534
T1218.011
T1059.001
T1105
T1204
T1027
T1566
T1078
Additional Informations
Transportation
United States of America