Industrial Cyber-Espionage Campaign Targets Hundreds of Companies (Dec 17, 2019)
Researchers from CyberX's threat intelligence team "Section 52" have recently investigated an Advanced Persistent Threat (APT) cyber-espionage campaign targeting industrial controls and critical infrastructure in South Korea, Thailand, China, Japan, Indonesia, Turkey, Ecuador, Germany and the United Kingdom. 57.4% of the targets were in South Korea, where victims included suppliers of equipment to chemical plants, power transmission and distribution facilities or firms in the renewable energy sector. The attack began with spear phishing emails; one of the samples purported to be a request for quote (RFQ) for designing a power plant in the Czech Republic. CyberX researchers found that malware used in the campaign included the Separ info-stealer, which was first reported on in 2013.
Recommendation: The focus of this APT campaign is the supply chain. Defense-in-Depth is the best way to ensure safety from APTs. Defense-in-Depth involves the layering of defense mechanisms. This can include network and endpoint security, social engineering training for staff (such as training exercises to help detect phishing emails), and robust threat intelligence capabilities.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.