image credit: pixabay
Researchers have recently detected an advanced persistent threat (APT) campaign that targets critical infrastructure equipment manufacturers by using industry-sector-themed spear-phishing emails and a combination of free tools. This tactic fits into the “living off the land” trend of cyberespionage actors reducing their reliance on custom and unique malware programs that could be attributed to them in favor of dual-use tools that are publicly available.
According to industrial cybersecurity firm CyberX, more than half of the targeted companies are based in South Korea, but victims were also detected in China, Thailand, Japan, Indonesia, Turkey, Germany, the UK and Ecuador. While the campaign seems focused on Asia and South Korea in particular, the industrial sector supply chain is global in nature and highly interlinked.
