Transport companies have been hit by cyber attacks using the Lumma Stealer and NetSupport malware

By Admin, September 25, 2024


September 25, 2024Ravi LakshmananEmail Security / Threat Intelligence


Transportation and logistics companies in North America are being targeted by a new phishing campaign that delivers a variety of information stealers and remote access trojans (RATs).

The cluster of activity, according to Proofpoint, uses compromised legitimate email accounts belonging to trucking and transportation companies to inject malicious content into existing email conversations.

15 compromised email accounts used in the campaign were identified. It is currently unclear how these accounts were hacked in the first place or who is behind the attacks.

“Activities occurring between May and July 2024 primarily featured Lumma Stealer, StealC, or NetSupport,” the enterprise security firm said in an analysis published on Tuesday.


“In August 2024, the attacker changed tactics, using new infrastructure and a new delivery technique, and adding payloads to deliver DanaBot and Arechclient2.”

Attack chains involve sending messages with Internet Shortcut (.URL) attachments, or Google Drive URLs that lead to a .URL file. When executed, the .URL file uses Server Message Block (SMB) to retrieve a next-stage payload containing the malware from a remote share.
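A mail-gateway triage check for the .URL attachments described above, as an added example that is not from Proofpoint or the original article. It parses the shortcut's INI contents and flags targets that resolve to a remote share (`file://host/...` or a UNC path); the function name `classify_url_file` and all sample contents are constructed for illustration.

```python
import configparser
from urllib.parse import urlparse

# Constructed samples (documentation IP range and reserved test domains).
SAMPLE_FILE_URI = "[InternetShortcut]\nURL=file://203.0.113.10/share/invoice.exe\n"
SAMPLE_UNC = "[InternetShortcut]\r\nURL=" + r"\\files.example.test\docs\load.lnk" + "\r\n"
SAMPLE_WEB = "[InternetShortcut]\nURL=https://example.com/\n"


def classify_url_file(text):
    """Return (verdict, host) for the contents of an Internet Shortcut file."""
    parser = configparser.RawConfigParser(strict=False)
    try:
        parser.read_string(text.replace("\r\n", "\n"))
    except configparser.Error:
        return ("malformed", None)

    # Section names are case-sensitive in configparser, so match manually.
    section = next((s for s in parser.sections()
                    if s.lower() == "internetshortcut"), None)
    target = parser.get(section, "url", fallback=None) if section else None
    if not target:
        return ("malformed", None)

    # Treat backslash UNC paths (\\host\share) like //host/share.
    parsed = urlparse(target.strip().replace("\\", "/"))
    scheme, host = parsed.scheme.lower(), parsed.netloc.lower()

    if scheme in ("", "file"):
        if host and host != "localhost":
            return ("remote-share", host)
        return ("local-file", None)
    if scheme in ("http", "https"):
        return ("web", host)
    return ("other", host or None)


if __name__ == "__main__":
    for name, sample in [("file-uri", SAMPLE_FILE_URI),
                         ("unc", SAMPLE_UNC), ("web", SAMPLE_WEB)]:
        print(name, classify_url_file(sample))
```

A `remote-share` verdict on an inbound attachment is a candidate for quarantine; blocking outbound SMB at the network perimeter covers the same delivery step from the other side.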

Some variants of the campaign observed in August 2024 also relied on a recently popular technique called ClickFix to trick victims into downloading the DanaBot malware under the guise of solving a problem with displaying document content in a web browser.

Specifically, this involves encouraging users to copy and paste a Base64-encoded PowerShell script into a terminal, thereby starting the infection process.

“These companies mimicked Samsara, AMB Logistic and Astra TMS, software that would only be used in transportation and fleet management,” Proofpoint said.

“The specific targeting and compromises of organizations in the transportation and logistics sector, as well as the use of decoys that mimic software specifically designed for freight operations and fleet management, indicate that the actor likely conducts research on the target company’s operations before sending the campaigns.”

The disclosure comes amid the emergence of various strains of malware such as An evil kidnapper, BLX Hijacker (aka XLABB Stealer), Emansrepo Stealer, Gomora’s kidnapper, Luxury, Poseidon, PowerShell keylogger, QWERTY hijacker, Taliban Stealer, and X-FILES Stealer, as well as a duplicate variant associated with CryptBot, Another stupid theft (JASS).


It also follows the appearance of a new version of RomCom RAT, a successor to GORAHIKAVY (aka RomCom 4.0) codenamed SnipBot, which spreads via fake links embedded in phishing emails. Some aspects of the campaign were highlighted earlier, in July 2024, by the Emergency Response Team of Ukraine (CERT-UA).

“SnipBot gives an attacker the ability to execute commands and download additional modules to a victim’s system,” Palo Alto Networks Unit 42 researchers Yaran Samuel and Dominic Reichel said.

“The initial payload is always either an executable downloader disguised as a PDF file or a real PDF file sent to the victim in an email that leads to the executable.”

While RomCom-infected systems have also seen ransomware deployments in the past, the cybersecurity company noted the absence of such behavior, raising the possibility that the threat actor behind the malware, Tropical Scorpius (aka Void Rabisu), has moved from pure financial gain to espionage.
