A sophisticated spearphishing attack campaign has targeted the maritime industry, delivering Agent Tesla and Formbook malware. Find out how the attackers managed to sneak past security solutions and what steps you can take to protect your organization.
A single threat cluster conducted a sophisticated spearphishing attack campaign against the maritime industry, delivering Agent Tesla and Formbook malware. The earliest activity researchers attribute to the campaign dates to October 2020, and it persisted for over a year before being detected. The email body typically claimed that a ship was docking at a port and urged the recipient to open the malicious attachment for details. Researchers found 20 such emails that appeared to come from a shipping company headquartered in Norway.
In mid-2022, the campaign switched from Agent Tesla to Formbook using CAB file attachments, and the threat cluster used four different delivery techniques to distribute Formbook. The use of commodity RATs suggests that the group is focused on obtaining sensitive information such as credentials, session tokens, and email lists, which could be leveraged in future BEC attacks or sold to provide initial access to other operators.
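The lure and delivery pattern described above (a "vessel docking at port" pretext, an archive attachment such as a CAB file, and a spoofed shipping-company sender) is easy to turn into a triage rule on mail-gateway logs. The following is an added example, not code from the article or from the researchers it summarises. The log format, field names, sample records and the `.example` domains are constructed for illustration, and the extensions listed beyond `.cab` are an assumption about other containers that would be worth flagging, not something the article reports.

```python
"""Triage rule for mail-gateway logs matching the maritime docking lure.

Added example. Log format, sample records and domains are constructed.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# The article reports CAB attachments; the other extensions are an assumption
# about containers that also commonly wrap commodity stealers.
RISKY_EXTENSIONS = {".cab", ".iso", ".img", ".rar", ".7z", ".exe", ".js", ".vbs"}

# Phrases matching the "ship is docking at a port, see attachment" pretext.
LURE_PATTERNS = [
    re.compile(r"\b(vessel|ship|mv)\b.*\b(docking|berth(ing)?|arriv(al|ing))\b", re.I),
    re.compile(r"\bport\b.*\battach(ed|ment)\b", re.I),
]

# Constructed sample log: sender|display name|subject|attachments|dkim result
SAMPLE_LOG = """\
ops@nordicship.example|Nordic Shipping|Weekly fleet report|fleet_report.pdf|pass
notify@freemail.example|Nordic Shipping|MV Example vessel docking at Port of Oslo - details attached|Docking_Details.cab|fail
agent@portagency.example|Port Agency|Invoice 4471|invoice_4471.pdf|pass
crew@nordicship.example|Nordic Shipping|Vessel arriving Rotterdam berth 12|eta.xlsx|pass
"""


@dataclass
class MailEvent:
    sender: str
    display_name: str
    subject: str
    attachments: list[str]
    dkim_pass: bool


def parse_log(text: str) -> list[MailEvent]:
    """Parse the constructed pipe-separated format into MailEvent records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        sender, name, subject, attachments, dkim = (f.strip() for f in line.split("|"))
        events.append(MailEvent(
            sender=sender,
            display_name=name,
            subject=subject,
            attachments=[a for a in attachments.split(",") if a],
            dkim_pass=(dkim.lower() == "pass"),
        ))
    return events


def risky_attachments(names: list[str]) -> list[str]:
    """Return attachment names whose extension is in RISKY_EXTENSIONS."""
    return [n for n in names if any(n.lower().endswith(ext) for ext in RISKY_EXTENSIONS)]


def lure_matches(text: str) -> bool:
    """True if the subject reads like the docking/arrival pretext."""
    return any(p.search(text) for p in LURE_PATTERNS)


def score(event: MailEvent) -> list[str]:
    """Collect independent signals; each is a reason string, ordered for stability."""
    reasons = []
    if risky_attachments(event.attachments):
        reasons.append("risky-attachment")
    if lure_matches(event.subject):
        reasons.append("docking-lure")
    # Brand claimed in the display name should appear in the sending domain.
    domain = event.sender.rsplit("@", 1)[-1].lower()
    brand = event.display_name.split()[0].lower() if event.display_name else ""
    if brand and brand not in domain:
        reasons.append("brand-domain-mismatch")
    if not event.dkim_pass:
        reasons.append("dkim-fail")
    return reasons


def severity(reasons: list[str]) -> str:
    """Archive attachment plus the lure text is the campaign signature; rate it high."""
    if "risky-attachment" in reasons and "docking-lure" in reasons:
        return "high"
    if len(reasons) >= 2:
        return "medium"
    return "low" if reasons else "none"


if __name__ == "__main__":
    for ev in parse_log(SAMPLE_LOG):
        r = score(ev)
        print(f"{severity(r):6} {ev.sender:28} {r}")
```

The fourth sample record shows why the signals are combined rather than alerted on individually: a genuine arrival notice from the real domain trips only the lure pattern and stays at low severity, while the spoofed message with a CAB attachment collects every signal.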
Although the identity of the threat group remains unknown, the maritime industry is vulnerable to future attacks, and experts suggest that maritime companies should focus on training their crews to recognize phishing lures in order to reduce the risk from phishing emails. The industry has also become a significant target of ransomware attacks, which calls for a proper review of cyber risks in shipboard operations, bridge communications, cargo operations, and other critical operations.