Tag: manufacturing

10 Attack Reports | 0 Vulnerabilities

Attack reports

Uncovering Qilin attack methods exposed through multiple cases

The ransomware group Qilin has been highly active in 2025, publishing over 40 victim cases per month on its leak site. Manufacturing, professional services, and wholesale trade are the most affected sectors. Attackers likely originate from Eastern Europe or Russian-speaking regions. They use tools …
ransomware
cobalt strike
qilin
systembc
manufacturing
2025-10-27
Published: October 27, 2025
Downloadable IOCs: 17

Werewolf raids Russia's public sector with trusted relationship attacks

Cavalry Werewolf, a malicious actor group, targeted Russian state agencies and enterprises in the energy, mining, and manufacturing sectors from May to August 2025. The attackers used targeted phishing emails, posing as Kyrgyz government officials, to gain initial access. They employed custom malwa…
rat
phishing
russia
government
asyncrat
mining
telegram
reverse shell
manufacturing
kyrgyzstan
2025-10-02
energy
foalshell
stallionrat
Published: October 2, 2025
Downloadable IOCs: 0

How a new PlugX variant abuses DLL search order hijacking

A new campaign targeting telecommunications and manufacturing sectors in Central and South Asian countries has been discovered, delivering a new variant of PlugX. The campaign, active since 2022, shows overlaps between RainyDay and Turian backdoors, including the abuse of legitimate applications fo…
apt
plugx
rainyday
telecommunications
dll hijacking
manufacturing
chinese apt
2025-09-23
backdoordiplomacy
naikon
turian
2025-09-25
Published: September 25, 2025
Downloadable IOCs: 53

ZipLine Phishing Campaign Targets U.S. Manufacturing

A sophisticated phishing campaign called ZipLine is targeting U.S. manufacturing companies, especially those in supply chain-critical sectors. The attackers initiate contact through company contact forms, leading to weeks-long email conversations before delivering malicious payloads. They use legit…
phishing
dns tunneling
manufacturing
2025-08-27
zipline
mixshell
Published: August 27, 2025
Downloadable IOCs: 32

Ransomware incidents in Japan during the first half of 2025

The first half of 2025 saw a 1.4-fold increase in ransomware attacks in Japan compared to the previous year, with 68 confirmed cases. Small and medium-sized enterprises remained the primary targets, with manufacturing being the most affected industry. The ransomware group Qilin emerged as the most …
ransomware
encryption
double-extortion
manufacturing
japan
kawa4096
kawalocker
2025-08-19
kawalocker 2.0
salsa20
small-medium-enterprises
Published: August 19, 2025
Downloadable IOCs: 0

Updated Shadowpad Malware Leads to Ransomware Deployment

A recent investigation revealed Shadowpad malware being used to deploy a new ransomware family in Europe. The threat actor targeted 21 companies across 15 countries, primarily in the manufacturing sector. Access was gained through remote network attacks, exploiting weak passwords and bypassing mult…
ransomware
plugx
shadowpad
impacket
manufacturing
anti-debugging
2025-02-20
dns over https
multi-factor authentication bypass
remote network attacks
intellectual property theft
cqhashdumpv2
Published: February 20, 2025
Downloadable IOCs: 0

Ransomware Roundup – Lynx

The Lynx ransomware, first detected in July 2024, is a Windows-targeting malware that encrypts files and demands ransom for decryption. It shares similarities with the INC ransomware but offers more granular control. Lynx encrypts files with a .LYNX extension, changes desktop backgrounds, and print…
ransomware
windows
encryption
construction
data leak
manufacturing
2025-02-17
brave prince
lynx
Published: February 17, 2025
Downloadable IOCs: 9

CL0P Ransomware: Latest Attacks

The Cl0p ransomware group has recently targeted 43 organizations across various industries, with a focus on Manufacturing, Retail, and Transportation sectors. The majority of victims are located in the US, Canada, and Europe. The attackers likely exploited the Cleo vulnerability (CVE-2024-50623) fo…
ransomware
data exfiltration
transportation
CVE-2024-50623
manufacturing
retail
2025-02-12
ta505
cl0p
cleo vulnerability
evil corp
Published: February 12, 2025
Linked vulnerabilities : CVE-2024-50623 (CVSS 8.8)
Downloadable IOCs: 6

Threat Actor Targets Manufacturing Industry With Malware

A sophisticated cyberattack campaign targeting the manufacturing industry has been identified, utilizing a deceptive LNK file disguised as a PDF document. The attack leverages multiple Living-off-the-Land Binaries and Google Accelerated Mobile Pages to evade detection. The threat actor employs vari…
powershell
lumma stealer
dll sideloading
lnk file
process injection
manufacturing
code injection
2024-12-05
amadey bot
amp url
Published: December 5, 2024
Downloadable IOCs: 0

Attack On Maritime & Defense Manufacturing

The DONOT APT group has launched a campaign targeting Pakistan's manufacturing industry supporting maritime and defense sectors. The attack uses a malicious LNK file disguised as an RTF, which executes PowerShell commands to deliver a lure document and stager malware. The malware establishes persis…
apt
powershell
pakistan
persistence
encryption
defense
lnk file
maritime
2024-11-15
stager
manufacturing
Published: November 15, 2024
Downloadable IOCs: 0
Click here to see more Attack Reports