ZipLine Phishing Campaign Targets U.S. Manufacturing

Description

A sophisticated phishing campaign called ZipLine is targeting U.S. manufacturing companies, especially those in supply chain-critical sectors. The attackers initiate contact through company contact forms, leading to weeks-long email conversations before delivering malicious payloads. They use legitimate-looking business interactions and AI-related pretexts to build trust. The campaign employs a custom malware called MixShell, which uses DNS TXT tunneling for command and control. The attackers utilize domains matching registered U.S. companies and maintain similar template websites across multiple domains. The campaign primarily targets U.S.-based organizations in industrial manufacturing, hardware, semiconductors, and other sectors, affecting both large enterprises and smaller businesses.