US Transportation and Logistics Firms Targeted With Infostealers, Backdoors

September 26, 2024 at 07:55AM

Threat actors are targeting transportation and shipping organizations in North America, compromising email accounts to deliver various malware families like Arechclient2, DanaBot, Lumma Stealer, NetSupport, and StealC. The attacks involve injecting malicious content into compromised inboxes and using Google Drive links or URL files to deliver malware. Proofpoint advises caution and verification of emails from known senders.

Threat actors are targeting transportation and shipping organizations in North America through compromised email accounts to deliver various malware families. The attacks inject malicious content into existing conversations within the compromised inboxes, and malware including Arechclient2, DanaBot, Lumma Stealer, NetSupport, and StealC has been delivered this way since May 2024.

The attackers are using Google Drive links or URL files as attachments to deliver malware payloads and have compromised roughly 15 email addresses. The threat actors are also impersonating software commonly used for transport and fleet operations management.
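As an added illustration that is not part of the article or of Proofpoint's own tooling, the following Python triage check looks for the two delivery traits described above: a Windows URL-shortcut (.url) attachment and a Google Drive link arriving as a reply inside an existing thread. The sample message it inspects is constructed, and every address and hostname in it is a placeholder.

```python
import email
from email import policy
from email.message import EmailMessage
from urllib.parse import urlparse

# Delivery traits reported above: a reply inside an existing conversation that carries a
# Windows Internet Shortcut (.url) attachment or a link to Google Drive.
DRIVE_HOSTS = {"drive.google.com", "docs.google.com"}
SHORTCUT_EXTS = (".url",)


def review_message(raw: bytes) -> list[str]:
    """Return the reasons a message matches the reported pattern; an empty list means none."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(SHORTCUT_EXTS):
            reasons.append(f"url-shortcut attachment: {name}")
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    for token in text.split():
        host = urlparse(token).hostname
        if host and host.lower() in DRIVE_HOSTS:
            reasons.append(f"google-drive link: {token}")
    # Thread hijacking only matters when a payload is present; record the reply context too.
    if reasons and (msg.get("In-Reply-To") or msg.get("References")):
        reasons.insert(0, "payload delivered as a reply inside an existing thread")
    return reasons


def build_sample(with_payload: bool) -> bytes:
    """Constructed thread reply (not a real capture); addresses and hosts are placeholders."""
    msg = EmailMessage(policy=policy.default)
    msg["From"] = "dispatch@carrier.example"
    msg["To"] = "ops@logistics.example"
    msg["Subject"] = "Re: Load 4471 paperwork"
    msg["In-Reply-To"] = "<original-id@logistics.example>"
    if with_payload:
        msg.set_content("Updated rate confirmation:\n"
                        "https://drive.google.com/file/d/CONSTRUCTED/view\n")
        msg.add_attachment(b"[InternetShortcut]\nURL=http://placeholder.invalid/\n",
                           maintype="application", subtype="octet-stream",
                           filename="RateCon.url")
    else:
        msg.set_content("Thanks, paperwork received.\n")
    return msg.as_bytes()


if __name__ == "__main__":
    for flag in (True, False):
        print(review_message(build_sample(flag)) or ["no indicators"])
```

A hit on either trait alone is only a triage signal; the check is meant to route a message for verification with the sender out of band, which is the caution the article recommends.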

Based on this activity, Proofpoint assesses with moderate confidence that it aligns with financially motivated, cybercriminal objectives. Proofpoint recommends that organizations in the transport and logistics sector exercise caution when encountering emails from known senders that deviate from normal communication patterns and contain suspicious links or files. The same caution applies to individuals working in other industries.

Threat actors are increasingly using more sophisticated social engineering and initial access techniques across the attack chain while relying more on commodity malware, according to Proofpoint. This highlights the growing need for vigilance and verification when encountering suspicious emails.