Building automation systems compromised with ProxyLogon exploits

Several Asian entities had their building automation systems attacked by a Chinese advanced persistent threat group linked to Hafnium, another Chinese APT; the group used ProxyLogon exploits to infiltrate the victims' networks, reports BleepingComputer. Kaspersky researchers found that the attackers began the campaign in March 2021, deploying the ShadowPad backdoor disguised as legitimate software. Other malware and tools, including the PlugX backdoor, the Cobalt Strike framework, credential theft scripts, web shells, and the open-source nextnet network scanner, were also distributed in the campaign, which is presumed to be looking for sensitive data. "We strongly believe that those systems themselves could be a valuable source of highly confidential information. Additionally, we believe there is a chance that they also provide attackers with a backdoor to other, more strictly secured, infrastructure. We believe that it is highly likely that this threat actor will strike again and we will find new victims in different countries," said the report.