ZipLine Phishing Campaign Targets U.S. Manufacturing
Essential information
- Published
- 27/08/2025 19:13
- Modified
- 27/08/2025 19:42
- Tags
- 2025-08-27 dns tunneling manufacturing mixshell phishing zipline
- Related entities
- 32 observables, 4 techniques (mitre), 1 malware, 9 others
Description
A sophisticated phishing campaign called ZipLine is targeting U.S. manufacturing companies, especially those in supply chain-critical sectors. The attackers initiate contact through company contact forms, leading to weeks-long email conversations before delivering malicious payloads. They use legitimate-looking business interactions and AI-related pretexts to build trust. The campaign employs a custom malware called MixShell, which uses DNS TXT tunneling for command and control. The attackers utilize domains matching registered U.S. companies and maintain similar template websites across multiple domains. The campaign primarily targets U.S.-based organizations in industrial manufacturing, hardware, semiconductors, and other sectors, affecting both large enterprises and smaller businesses.