Industrial Suppliers in Japan, Europe Targeted in Sophisticated Attacks (May 2020)
Threat actors have targeted industrial suppliers in Japan and several European countries in sophisticated attacks that employed various techniques to make malware detection and analysis more difficult, Kaspersky's ICS CERT unit reported on Thursday.
The first attacks were spotted in early 2020 and, as of early May, Kaspersky has seen targeted organizations in Japan, Italy, Germany and the UK. The cybersecurity firm says the targets supply equipment and software for industrial organizations, particularly for the energy sector.
According to Kaspersky, the attacks start with a phishing email sent to the targeted organization.
Another interesting technique observed in these attacks involves the use of an exception message as the decryption key for a malicious payload. "This technique can help the malware evade detection in automatic analysis systems of the sandbox class and makes analyzing the functionality of the malware significantly more difficult for researchers if they do not know what language pack was used on the victim's computer," Kaspersky said.
"The use of the above techniques, combined with the pinpoint nature of the infections, indicates that these were targeted attacks. It is a matter of concern that attack victims include contractors of industrial enterprises. If the attackers are able to harvest the credentials of a contractor organization's employees, this can lead to a range of negative consequences, from the theft of sensitive data to attacks on industrial enterprises via remote administration tools used by the contractor," the company added.