September 25, 2024 at 03:48AM
A new phishing campaign targets transportation and logistics companies in North America, using compromised email accounts to distribute information stealers and remote access trojans. The campaign has evolved with new infrastructure and techniques, including the use of ClickFix to trick victims into downloading malware. Several stealer malware strains have also emerged recently.
Transportation and logistics companies in North America are being targeted by a new phishing campaign. The threat actors use compromised legitimate email accounts belonging to transportation and shipping companies to inject malicious content into existing email conversations.
The campaign has evolved over time, with the threat actor changing tactics and employing new infrastructure and delivery techniques. The attack chains involve sending messages with internet shortcut (.URL) attachments or Google Drive URLs leading to a .URL file that, when launched, uses Server Message Block (SMB) to fetch the next-stage payload containing the malware from a remote share.
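For defenders triaging attachments, the sketch below parses an internet shortcut (.URL) file and reports any field that points at a remote share over a UNC path or a `file://` URL, which is the fetch step described above. It is an added example, not code from the original report; the function names, the field list and the sample files are assumptions constructed for illustration.

```python
import configparser
import re
from urllib.parse import urlparse

# Shortcut fields that can carry a path or URL (configparser lower-cases keys).
PATH_FIELDS = ("url", "iconfile", "workingdirectory")
UNC_RE = re.compile(r"^[\\/]{2}([^\\/]+)[\\/]")
LOCAL = {"", "localhost", "127.0.0.1"}

def remote_host(value):
    """Return the host a field reaches over UNC or file://, or None if local or web."""
    value = value.strip().strip('"')
    unc = UNC_RE.match(value)
    if unc:  # \\host\share; drop any @port or @SSL suffix on the host part
        host = unc.group(1).split("@")[0]
    else:
        try:
            parsed = urlparse(value.replace("\\", "/"))
        except ValueError:
            return None
        if parsed.scheme != "file":
            return None
        # file://host/share keeps the host in netloc; file:////host/share leaves it in path.
        host = parsed.hostname or ""
        if not host and parsed.path.startswith("//"):
            host = parsed.path[2:].split("/")[0]
    host = host.lower()
    return None if host in LOCAL else host

def scan_shortcut(text):
    """Return sorted (field, host) pairs for remote-share references in a .URL file."""
    parser = configparser.RawConfigParser(strict=False)
    try:
        parser.read_string(text.lstrip("\ufeff"))
    except configparser.Error:
        return []  # not a parseable shortcut file
    hits = set()
    for section in parser.sections():
        if section.lower() != "internetshortcut":
            continue
        for field in PATH_FIELDS:
            host = remote_host(parser.get(section, field, fallback=""))
            if host:
                hits.add((field, host))
    return sorted(hits)

# Constructed samples (documentation-range addresses, not indicators from the campaign).
SUSPICIOUS = "[InternetShortcut]\nURL=file://203.0.113.7/share/invoice.exe\nIconFile=\\\\198.51.100.9\\icons\\doc.ico\n"
BENIGN = "[InternetShortcut]\nURL=https://example.com/tracking\nIconFile=C:\\Windows\\System32\\shell32.dll\n"
```

A hit on any field is a reason to quarantine the attachment and to check whether outbound SMB to that host was allowed at the perimeter.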
The phishing campaigns have impersonated software specifically designed for freight operations and fleet management, indicating that the threat actor likely conducts research into the targeted company’s operations before sending campaigns.
Additionally, the emergence of various stealer malware strains and a new version of the RomCom RAT indicates an ongoing and evolving threat landscape.
Furthermore, it’s worth noting that the cybersecurity company pointed out the absence of ransomware deployments, raising the possibility that the threat actor behind the malware has shifted from pure financial gain to espionage.
Overall, these developments highlight the increasing sophistication and variety of threats targeting transportation and logistics companies in North America.