Cybercriminals Target Industrial Organizations in Information Theft Campaign

A mysterious cybercrime group apparently driven by profit has been targeting industrial organizations in Europe, Asia and North America as part of an information theft campaign.

The campaign was detailed in September 2020 by cybersecurity firm Zscaler, which warned at the time that the hackers had been targeting oil and gas supply chain industries in the Middle East using the trojan known as AZORult.

These attacks are ongoing, according to DeNexus, a California-based provider of cyber risk modeling for industrial networks, which on Thursday published a report detailing this campaign, its evolution, and additional victims.

DeNexus reported seeing targets and victims in various countries, and noted that in addition to AZORult, the attackers have been spotted using information-stealing malware such as AgentTesla, Formbook, Masslogger and Matiex.

The malware is delivered via spear-phishing emails that purport to come from legitimate companies, including the victim organization itself and other companies that the victim might do business with. In more recent attacks, the cybercriminals have put more effort into these emails, including by registering domains with names similar to that of the targeted firm.

While the hackers appear to be mainly interested in oil and gas supply chain industries in the Middle East, they have also been seen targeting other types of organizations in other regions.

DeNexus said the list of ..