Adversary harboring DoppelPaymer ransomware targets industrial sector


A cyber adversary in possession of both ransomware and point-of-sale malware was recently found to have obtained “a deep level of access” to the infrastructures of at least two targets, including a U.S.-based aluminum and stainless steel gratings company, researchers have reported.


Judging by the choice of targets, the actor has a particular interest in medium-sized organizations that operate in the industrial sector, according to a Nov. 4 blog post by Cisco’s Talos security intelligence and research group.


Talos has not publicly provided any details on the second victim, but both targets were privately notified of the compromise.


The researchers uncovered the two victims while examining a malicious server they had discovered. The server hosted seven DoppelPaymer ransomware binaries that were uploaded between Oct. 5 and Oct. 20, a sample of the TinyPOS point-of-sale malware that was uploaded on Sept. 26, and a malicious loader named svchost.exe. Additionally, they observed the post-exploitation credential-dumping tool Mimikatz and the PsExec command-line tool, which lets users execute processes on remote systems ...
