Threat Actor Targets Manufacturing Industry With Malware

Dec. 6, 2024, 4:25 p.m.

Description

A sophisticated cyberattack campaign targeting the manufacturing industry has been identified, utilizing a deceptive LNK file disguised as a PDF document. The attack leverages multiple Living-off-the-Land Binaries and Google Accelerated Mobile Pages to evade detection. The threat actor employs various techniques, including DLL sideloading and process injection, to deploy Lumma Stealer and Amadey Bot. These malware strains enable the attacker to gain control and exfiltrate sensitive information from victim machines. The campaign's infection chain involves multiple stages of code injection and uses legitimate system tools to execute malicious PowerShell commands. The attackers demonstrate adaptability by using URL shortening and AMP URLs to bypass traditional security mechanisms.

Date

  • Created: Dec. 5, 2024, 5:33 p.m.
  • Published: Dec. 5, 2024, 5:33 p.m.
  • Modified: Dec. 6, 2024, 4:25 p.m.

Attack Patterns

  • Amadey Bot
  • Lumma Stealer
  • T1574
  • T1218
  • T1071
  • T1055
  • T1020
  • T1036
  • T1204
  • T1027
  • T1053
  • T1566
  • T1059

Additional Information

  • Manufacturing