Security News > 2020 > February > IoT Devices at Major Manufacturers Infected With Malware via Supply Chain Attack
Three of the world's largest manufacturers had some IoT devices running Windows 7 infected with a piece of malware in what experts believe to be a supply chain attack.
TrapX Security reported this week that it had identified a cryptocurrency miner on several IoT devices at some major manufacturers, including automatic guided vehicles, a printer and a smart TV. Ori Bach, the CEO of TrapX, told SecurityWeek that the attacks appeared to be part of the same campaign.
At one manufacturing site, the malware was found on several automatic guided vehicles that were running Windows 7.
The cybersecurity firm believes that in all of these cases the malware was installed on the devices before they reached the manufacturers.
"We believe the attack initially targeted the supply chain, and then any manufacturer that was part of the targeted supply chain was affected," Bach told SecurityWeek.
News URL
Related news
- ⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More (source)
- Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack (source)
- GitHub Action supply chain attack exposed secrets in 218 repos (source)
- Coinbase Initially Targeted in GitHub Actions Supply Chain Attack; 218 Repositories' CI/CD Secrets Exposed (source)
- Chinese FamousSparrow hackers deploy upgraded malware in attacks (source)
- Open-source malware doubles, data exfiltration attacks dominate (source)
- Recent GitHub supply chain attack traced to leaked SpotBugs token (source)
- Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware (source)
- SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack (source)
- That massive GitHub supply chain attack? It all started with a stolen SpotBugs token (source)