216.73.216.86

Security Brief: Actor Uses Compromised Accounts, Customized Social Engineering to Target Transport and Logistics Firms with Malware

· Published 24/09/2024 17:44 · Modified 24/09/2024 18:09

Export JSON

Essential information

Published
24/09/2024 17:44
Modified
24/09/2024 18:09
Tags
2024-09-24 danabot lumma stealer transportation
Related entities
23 observables, 8 techniques (mitre), 5 malware, 2 others

Description

A threat actor is targeting and logistics companies in North America with malware campaigns. The actor uses compromised email accounts to inject malicious content into existing conversations, making messages appear legitimate. Campaigns primarily deliver , StealC, NetSupport, , and Arechclient2 malware. The actor employs Google Drive URLs, .URL files, and SMB for malware delivery, and recently adopted the 'ClickFix' technique. Campaigns are small-scale and highly targeted, with lures impersonating industry-specific software. The activity is believed to be financially motivated and aligns with a trend of sophisticated social engineering combined with commodity malware use in the cybercriminal landscape.

External references