Spyware Blitzes Compromise, Cannibalize ICS Networks
2022-01-21 14:10

Attackers are targeting industrial enterprises with spyware campaigns that hunt for corporate credentials so they can be used both for financial gain and to cannibalize compromised networks to propagate future attacks, researchers have found.

Researchers dubbed the attacks "Anomalous" because they veer from typical spyware attacks, Kaspersky's Kirill Kruglov wrote in a report published this week on the SecureList blog.

The attackers use the SMTP services of industrial enterprises not only to send spearphishing emails but also to collect data stolen by spyware, treating them as a one-way command-and-control (C2) channel so they can mount future attacks, Kruglov explained.

"The attackers use corporate mailboxes compromised in earlier attacks as the C2 servers for new attacks."

The malware used in the attacks typically belongs to "well-known commodity spyware families," such as AgentTesla/Origin Logger, HawkEye, Noon/Formbook, Masslogger, Snake Keylogger, Azorult and Lokibot, he noted.

"These attacks stand out from the mainstream due to a very limited number of targets in each attack and a very short lifetime of each malicious sample," Kruglov wrote.


News URL

https://threatpost.com/spyware-blitzes-compromise-cannibalize-ics-networks/177851/