‘Anomalous’ spyware stealing credentials in industrial firms
2022-01-20 21:29

Researchers have uncovered several spyware campaigns that target industrial enterprises, aiming to steal email account credentials and then either conduct financial fraud or resell the credentials to other actors.

Kaspersky calls these spyware attacks 'anomalous' because of their very short-lived nature compared to what is considered typical in the field.

More specifically, the lifespan of the attacks is limited to roughly 25 days, whereas most spyware campaigns last for several months or even years.

The number of attacked systems in these campaigns is always below one hundred, half of which are ICS machines deployed in industrial environments.

"Curiously, corporate antispam technologies help the attackers stay unnoticed while exfiltrating stolen credentials from infected machines by making them 'invisible' among all the garbage emails in spam folders," explains Kaspersky's report.

Many of the email, RDP, SMTP, SSH, cPanel, and VPN account credentials stolen in these campaigns are posted on dark web marketplaces and eventually sold to other threat actors.


News URL

https://www.bleepingcomputer.com/news/security/anomalous-spyware-stealing-credentials-in-industrial-firms/