Threat Actor Targets Manufacturing Industry With Malware
Dec. 6, 2024, 4:25 p.m.
Description
A sophisticated cyberattack campaign targeting the manufacturing industry has been identified, utilizing a deceptive LNK file disguised as a PDF document. The attack leverages multiple Living-off-the-Land Binaries and Google Accelerated Mobile Pages to evade detection. The threat actor employs various techniques, including DLL sideloading and process injection, to deploy Lumma Stealer and Amadey Bot. These malware strains enable the attacker to gain control and exfiltrate sensitive information from victim machines. The campaign's infection chain involves multiple stages of code injection and uses legitimate system tools to execute malicious PowerShell commands. The attackers demonstrate adaptability by using URL shortening and AMP URLs to bypass traditional security mechanisms.
Date
Published: Dec. 5, 2024, 5:33 p.m.
Created: Dec. 5, 2024, 5:33 p.m.
Modified: Dec. 6, 2024, 4:25 p.m.
Attack Patterns
Amadey Bot
Lumma Stealer
T1574
T1218
T1071
T1055
T1020
T1036
T1204
T1027
T1053
T1566
T1059
Additional Information
Manufacturing