Multilingual malware attacks on industrial sector suppliers designed to thwart detection

International equipment and software suppliers for the industrial sector last May suffered targeted malware attacks that employed numerous unconventional techniques to evade detection, report Kaspersky ICS CERT experts in a recent blog post.


Utilizing steganography to conceal malicious data within another file, while abusing legitimate web resources to host the malware, the attackers made it highly difficult to detect infection attempts — although Kaspersky said that in all cases that were identifiable, the malware was blocked by its solutions, preventing additional attacks.


The targeted suppliers, who, if compromised, could have been abused as a stepping stone to later attack their industrial enterprise clients, are based in Japan, Italy, Germany and the U.K. The contractors were sent phishing emails that were customized to their local languages and contained Microsoft Office documents carrying malicious, obfuscated macros. If the localization of the intended victim’s operating system didn’t match the language used in the phishing email, the malware would not fully execute.


The macros decrypt and execute a PowerShell script, which in turn selects a URL that resolves to the legitimate public ima ..
